
Apache Subversion < 1.6.23 / 1.7.x < 1.7.10 Multiple Vulnerabilities

High

Synopsis

The remote host is running a version of Apache Subversion that is vulnerable to multiple attack vectors.

Description

Versions of Apache Subversion prior to 1.6.23, or 1.7.x prior to 1.7.10, are affected by the following vulnerabilities:

- Remote denial-of-service vulnerabilities exist due to an error in the 'svnserve' server, as it does not properly handle aborted connection messages. (CVE-2013-1968, CVE-2013-2112)
- A command injection vulnerability exists in the 'svn-keyword-check.pl' hook script while processing filenames. (CVE-2013-2088)

Solution

Upgrade to Apache Subversion 1.7.10 or later. If 1.7.x cannot be obtained, 1.6.23 is also patched for these vulnerabilities.
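To triage hosts against the version ranges above, the following added example (not part of the original advisory or of the scanner's plugin) classifies a Subversion version string. The function name `svn_affected` and the sample inputs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the scanner's own logic. svn_affected is a hypothetical
# helper name. It applies the ranges stated in this advisory:
# affected if < 1.6.23, or 1.7.x < 1.7.10.
# Returns 0 = affected, 1 = not affected, 2 = no version number found.
svn_affected() {
    # Pull the first dotted number out of strings such as
    # "svn, version 1.7.9 (r0000000)" or a bare "1.6.21".
    ver=$(printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*$/\1/p')
    [ -n "$ver" ] || return 2

    old_ifs=$IFS; IFS=.
    set -- $ver            # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    if [ "$major" -lt 1 ]; then return 0; fi
    if [ "$major" -gt 1 ]; then return 1; fi
    if [ "$minor" -lt 6 ]; then return 0; fi     # older than the 1.6 line
    if [ "$minor" -eq 6 ]; then                  # 1.6.x: fixed in 1.6.23
        if [ "$patch" -lt 23 ]; then return 0; else return 1; fi
    fi
    if [ "$minor" -eq 7 ]; then                  # 1.7.x: fixed in 1.7.10
        if [ "$patch" -lt 10 ]; then return 0; else return 1; fi
    fi
    return 1                                     # 1.8 and later
}

# Constructed sample inputs (not taken from a real host).
for v in "1.6.21" "1.6.23" "svn, version 1.7.9 (r0000000)" "1.7.10" "1.8.0"; do
    rc=0; svn_affected "$v" || rc=$?
    case $rc in
        0) echo "$v: affected, upgrade" ;;
        1) echo "$v: not affected by this advisory" ;;
        *) echo "$v: could not parse" ;;
    esac
done
```

Pass it the output of `svn --version --quiet` from the host being checked. A version string does not reveal fixes backported by a distribution, so confirm an "affected" result against the package changelog.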