Apache Subversion < 1.8.1 / 1.7.11 Remote Denial of Service Vulnerability

low Log Correlation Engine Plugin ID 801443

Synopsis

The remote host is running a version of Apache Subversion that is vulnerable to a denial of service vulnerability.

Description

The remote host is running a version of Apache Subversion that is vulnerable to a denial of service vulnerability, specifically within the 'mod_dav_svn' module, which improperly handles certain HTTP requests in a way that can be leveraged by an attacker to execute a denial of service against the system.

Solution

Patches are available from the vendor; upgrade to version 1.8.1 / 1.7.11 or later.

See Also

tools.cisco.com/security/center/viewAlert.x?alertId=30213

subversion.apache.org/security/CVE-2013-4131-advisory.txt

Plugin Details

Severity: Low

ID: 801443

Family: Web Servers

Published: 8/2/2013

Updated: 8/2/2013

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

Patch Publication Date: 7/25/2013

Vulnerability Publication Date: 7/25/2013

Reference Information

CVE: CVE-2013-4131

BID: 61454