Amazon Linux AMI : subversion (ALAS-2014-318)

medium Nessus Plugin ID 73237


The remote Amazon Linux AMI host is missing a security update.


A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash.

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the 'svn ls' command.


Run 'yum update subversion' to update your system.

See Also

Plugin Details

Severity: Medium

ID: 73237

File Name: ala_ALAS-2014-318.nasl

Version: 1.5

Type: local

Agent: unix

Published: 3/28/2014

Updated: 4/18/2018

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent

Risk Information


Risk Factor: Low

Score: 3.6


Risk Factor: Medium

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:mod_dav_svn, p-cpe:/a:amazon:linux:subversion, p-cpe:/a:amazon:linux:subversion-debuginfo, p-cpe:/a:amazon:linux:subversion-devel, p-cpe:/a:amazon:linux:subversion-javahl, p-cpe:/a:amazon:linux:subversion-libs, p-cpe:/a:amazon:linux:subversion-perl, p-cpe:/a:amazon:linux:subversion-python, p-cpe:/a:amazon:linux:subversion-ruby, p-cpe:/a:amazon:linux:subversion-tools, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Patch Publication Date: 3/25/2014

Reference Information

CVE: CVE-2014-0032

ALAS: 2014-318