The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html
http://rhn.redhat.com/errata/RHSA-2015-1633.html
http://rhn.redhat.com/errata/RHSA-2015-1742.html
http://subversion.apache.org/security/CVE-2015-0248-advisory.txt
http://www.debian.org/security/2015/dsa-3231
http://www.mandriva.com/security/advisories?name=MDVSA-2015:192
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/74260
http://www.securitytracker.com/id/1033214
http://www.ubuntu.com/usn/USN-2721-1
OR
cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*
OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
93992 | GLSA-201610-05 : Subversion, Serf: Multiple Vulnerabilities | Nessus | Gentoo Local Security Checks | high |
86510 | CentOS 7 : subversion (CESA-2015:1742) | Nessus | CentOS Local Security Checks | medium |
8972 | Apache Subversion 1.7.x < 1.7.20 / 1.8.x < 1.8.12 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
86245 | Apple Xcode < 7.0 (Mac OS X) (POODLE) | Nessus | MacOS X Local Security Checks | high |
85978 | RHEL 7 : subversion (RHSA-2015:1742) | Nessus | Red Hat Local Security Checks | medium |
85867 | Scientific Linux Security Update : subversion on SL7.x x86_64 (20150908) | Nessus | Scientific Linux Local Security Checks | medium |
85865 | Oracle Linux 7 : subversion (ELSA-2015-1742) | Nessus | Oracle Linux Local Security Checks | medium |
85632 | Amazon Linux AMI : subversion / mod_dav_svn (ALAS-2015-587) | Nessus | Amazon Linux Local Security Checks | high |
85579 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : subversion vulnerabilities (USN-2721-1) | Nessus | Ubuntu Local Security Checks | high |
85503 | Scientific Linux Security Update : subversion on SL6.x i386/x86_64 (20150817) | Nessus | Scientific Linux Local Security Checks | medium |
85494 | RHEL 6 : subversion (RHSA-2015:1633) | Nessus | Red Hat Local Security Checks | medium |
85489 | Oracle Linux 6 : subversion (ELSA-2015-1633) | Nessus | Oracle Linux Local Security Checks | medium |
85461 | CentOS 6 : subversion (CESA-2015:1633) | Nessus | CentOS Local Security Checks | medium |
85065 | Fedora 21 : subversion-1.8.13-7.fc21 (2015-11795) | Nessus | Fedora Local Security Checks | high |
83060 | Debian DLA-207-1 : subversion security update | Nessus | Debian Local Security Checks | medium |
82930 | Debian DSA-3231-1 : subversion - security update | Nessus | Debian Local Security Checks | medium |
82635 | openSUSE Security Update : subversion (openSUSE-2015-289) | Nessus | SuSE Local Security Checks | high |
82563 | Mandriva Linux Security Advisory : subversion (MDVSA-2015:192) | Nessus | Mandriva Local Security Checks | high |
82481 | FreeBSD : subversion -- DoS vulnerabilities (8e887b71-d769-11e4-b1c2-20cf30e32f6d) | Nessus | FreeBSD Local Security Checks | high |