Apache Subversion < 1.8.0 / 1.7.10 / 1.6.23 Multiple Vulnerabilities

Medium | Log Correlation Engine | Plugin ID 800980

Synopsis

The remote host is running a version of Apache Subversion that is affected by multiple vulnerabilities. Subversion is an open-source version-control application that is available for numerous platforms, including Microsoft Windows, UNIX, and UNIX-like operating systems.

Description

The installed version of SVN is affected by the following vulnerabilities:

- Remote denial-of-service vulnerabilities exist due to an error in the svnserve server, as it does not properly handle aborted connection messages. (CVE-2013-1968, CVE-2013-2112)

- A command-injection vulnerability exists in the 'svn-keyword-check.pl' hook script while processing filenames. (CVE-2013-2088)

Solution

Updates are available. Alternatively, upgrade to versions 1.8.0, 1.7.10, or 1.6.23.

See Also

subversion.apache.org/security/CVE-2013-1968-advisory.txt

subversion.apache.org/security/CVE-2013-2088-advisory.txt

subversion.apache.org/security/CVE-2013-2112-advisory.txt

Plugin Details

Severity: Medium

ID: 800980

Family: Web Servers

Published: 2013/06/04

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2013/06/03

Vulnerability Publication Date: 2013/06/03

Reference Information

CVE: CVE-2013-2112, CVE-2013-2088, CVE-2013-1968

BID: 60264, 60265, 60267