Apache Subversion 1.4.x - 1.7.13 / 1.8.x < 1.8.5 Multiple DoS
Low Nessus Plugin ID 71569
SynopsisThe remote host has an application that is affected by multiple denial of service vulnerabilities.
DescriptionThe installed version of Subversion Server is affected by multiple denial of service vulnerabilities :
- An error exists related to the 'mod_dontdothat' module and handling relative URLs sent from serf-based clients. (CVE-2013-4505)
- An error exists related to the 'mod_dav_svn' module and handling unspecified requests. Note that this issue reportedly only affects the 1.7 and 1.8 branches, including versions 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4. (CVE-2013-4558)
SolutionUpgrade to Subversion Server 1.7.14 / 1.8.5 or later or apply the vendor patches or workarounds.