Apache Subversion 1.3.x - 1.7.14 / 1.8.x < 1.8.8 'mod_dav_svn' DoS

medium Nessus Plugin ID 72744

Synopsis

The remote host has an application that is affected by a denial of service vulnerability.

Description

The installed version of Subversion Server is affected by an error related to 'mod_dav_svn', the 'SVNListParentPath' configuration option, and handling 'OPTIONS' requests that could allow denial of service attacks.

Solution

Upgrade to Subversion Server 1.7.16 / 1.8.8 or later, or apply the vendor-supplied patch or workaround.

See Also

http://subversion.apache.org/security/CVE-2014-0032-advisory.txt

http://svn.apache.org/viewvc?view=revision&revision=1557320

Plugin Details

Severity: Medium

ID: 72744

File Name: subversion_1_8_8.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 2/28/2014

Updated: 7/30/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apache:subversion

Required KB Items: installed_sw/Subversion Server, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 1/11/2014

Vulnerability Publication Date: 1/10/2014

Reference Information

CVE: CVE-2014-0032

BID: 65434