Apache Subversion < 1.6.21 / 1.7.x < 1.7.9 Multiple DoS

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that is affected by multiple denial
of service vulnerabilities.

Description :

The version of Apache Subversion Server installed on the remote host
is prior to 1.6.21 or 1.7.x prior to 1.7.9. It is, therefore, affected
by multiple denial of service (DoS) vulnerabilities in the
'mod_dav_svn' Apache HTTPD server module :

- A flaw exists in 'mod_dav_svn' that is triggered when
handling node properties. (CVE-2013-1845)

- A NULL pointer dereference exists in the 'mod_dav_svn'
module, triggered during the handling of a crafted Log
REPORT request, a URL lock request, a LOCK request against
a non-existent URL, or a URL PROPFIND request.
(CVE-2013-1846, CVE-2013-1847, CVE-2013-1849)

- A NULL pointer dereference exists in the 'mod_dav_svn'
module, triggered during the handling of a crafted Log
REPORT request. This flaw reportedly affects Apache
Subversion 1.7.x only. (CVE-2013-1884)

See also :

http://subversion.apache.org/security/CVE-2013-1845-advisory.txt
http://subversion.apache.org/security/CVE-2013-1846-advisory.txt
http://subversion.apache.org/security/CVE-2013-1847-advisory.txt
http://subversion.apache.org/security/CVE-2013-1849-advisory.txt
http://subversion.apache.org/security/CVE-2013-1884-advisory.txt

Solution :

Upgrade to Apache Subversion Server 1.6.21 / 1.7.9 or later.
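
The version ranges above can be checked against an inventory of installed versions or server banners. The following Python sketch is an added example, not Tenable's plugin code or anything from the Subversion project. It assumes the version is supplied either as a bare 'x.y.z' string or inside an 'SVN/x.y.z' token of an HTTP Server header; the sample strings are constructed, and the names parse_version and assess are hypothetical.

```python
import re

FIXED_1_6 = (1, 6, 21)  # first fixed release on the 1.6 line, per this page
FIXED_1_7 = (1, 7, 9)   # first fixed release on the 1.7 line, per this page

# CVE grouping follows this page's description, not the per-CVE ranges
# given in the individual Apache advisories.
CVES_ALL = ["CVE-2013-1845", "CVE-2013-1846", "CVE-2013-1847", "CVE-2013-1849"]
CVE_1_7_ONLY = "CVE-2013-1884"

# Assumption: mod_dav_svn is advertised as an "SVN/x.y.z" product token.
_TOKEN = re.compile(r"\bSVN/(\d+)\.(\d+)\.(\d+)")
_BARE = re.compile(r"\s*(\d+)\.(\d+)\.(\d+)\s*")


def parse_version(text):
    """Return (major, minor, patch) or None if no Subversion version is found."""
    # Prefer the SVN/ token so "Apache/2.2.22" is never mistaken for it.
    m = _TOKEN.search(text) or _BARE.fullmatch(text)
    return tuple(int(p) for p in m.groups()) if m else None


def assess(text):
    """Classify a version string or banner against the ranges on this page."""
    version = parse_version(text)
    if version is None:
        # Unknown is reported as None, never as "not affected".
        return {"version": None, "affected": None, "cves": []}
    on_1_7 = version[:2] == (1, 7)
    # Integer tuples compare numerically, so 1.6.9 sorts below 1.6.21.
    affected = version < (FIXED_1_7 if on_1_7 else FIXED_1_6)
    cves = []
    if affected:
        cves = CVES_ALL + ([CVE_1_7_ONLY] if on_1_7 else [])
    return {"version": version, "affected": affected, "cves": cves}


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real host.
    samples = [
        "1.6.9",
        "1.6.21",
        "Apache/2.2.22 (Win32) DAV/2 SVN/1.7.8",
        "Apache/2.2.22 (Win32)",
    ]
    for s in samples:
        print(s, "->", assess(s))
```

A result of None for 'affected' means no Subversion version was visible in the input and the host needs a local check instead.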

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 66474

Bugtraq ID: 58323, 58895, 58896, 58897, 58898

CVE ID: CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849, CVE-2013-1884
