Apache Subversion < 1.6.23 / 1.7.x < 1.7.10 Multiple Remote DoS

Medium Nessus Plugin ID 68930


The remote host has an application that is affected by multiple denial of service vulnerabilities.


The installed version of Apache Subversion Server is prior to 1.6.23 or 1.7.x prior to 1.7.10. It is, therefore, affected by multiple remote denial of service vulnerabilities:

- A flaw exists when handling specially crafted filenames that could result in corruption of the FSFS repository. A workaround exists to install a pre-commit hook that will prevent unsanitized filenames from being committed into the repository. (CVE-2013-1968)

- A flaw exists in the svnserve server where aborted connection messages are improperly handled as critical errors. (CVE-2013-2112)


Upgrade to Apache Subversion Server 1.6.23 / 1.7.10 / 1.8.0 or later, or apply the vendor patches or workarounds.


Plugin Details

Severity: Medium

ID: 68930

File Name: subversion_1_6_23.nasl

Version: $Revision: 1.4 $

Type: local

Agent: windows

Family: Windows

Published: 2013/07/17

Modified: 2014/10/06

Dependencies: 40619

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apache:subversion

Required KB Items: installed_sw/Subversion Server, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/05/31

Vulnerability Publication Date: 2013/05/31

Reference Information

CVE: CVE-2013-1968, CVE-2013-2112

BID: 60264, 60267

OSVDB: 93795, 93796