exploit the possibilities
Showing 1 - 6 of 6 RSS Feed

CVE-2011-1921

Status Candidate

Overview

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.

Related Files

Gentoo Linux Security Advisory 201309-11
Posted Sep 23, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-11 - Multiple vulnerabilities have been found in Subversion, allowing attackers to cause a Denial of Service, escalate privileges, or obtain sensitive information. Versions less than 1.7.13 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2010-4539, CVE-2010-4644, CVE-2011-0715, CVE-2011-1752, CVE-2011-1783, CVE-2011-1921, CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849, CVE-2013-1884, CVE-2013-1968, CVE-2013-2088, CVE-2013-2112, CVE-2013-4131, CVE-2013-4277
MD5 | 929cdeffca997902104b587c3f0fbd1d
Apple Security Advisory 2012-02-01-1
Posted Feb 3, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-02-01-1 - Apple has addressed 48 security vulnerabilities. These issues existed in packages such as Address Book, Apache, CFNetwork, ColorSync, CoreAudio, CoreMedia, CoreText, curl and much more.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2010-1637, CVE-2010-2813, CVE-2010-4554, CVE-2010-4555, CVE-2011-0200, CVE-2011-0241, CVE-2011-1148, CVE-2011-1167, CVE-2011-1657, CVE-2011-1752, CVE-2011-1783, CVE-2011-1921, CVE-2011-1938, CVE-2011-2023, CVE-2011-2192, CVE-2011-2202, CVE-2011-2204, CVE-2011-2483, CVE-2011-2895, CVE-2011-2937, CVE-2011-3182, CVE-2011-3189, CVE-2011-3246, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3252, CVE-2011-3256
MD5 | 8fe868bea54053b8adeccaecf10eb251
Red Hat Security Advisory 2011-0862-01
Posted Jun 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0862-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An infinite loop flaw was found in the way the mod_dav_svn module processed certain data sets. If the SVNPathAuthz directive was set to "short_circuit", and path-based access control for files and directories was enabled, a malicious, remote user could use this flaw to cause the httpd process serving the request to consume an excessive amount of system memory. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1752, CVE-2011-1783, CVE-2011-1921
MD5 | 86d938e640147e2fd937a76f09898688
Ubuntu Security Notice USN-1144-1
Posted Jun 7, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1144-1 - Joe Schaefer discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain baselined WebDAV resource requests. A remote attacker could use this flaw to cause the service to crash, leading to a denial of service. Ivan Zhakov discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain requests. A remote attacker could use this flaw to cause the service to consume all available resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2011-1752, CVE-2011-1783, CVE-2011-1921
MD5 | baa9634792a202fa58cba0ec7262b05a
Mandriva Linux Security Advisory 2011-106
Posted Jun 4, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-106 - The mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources which can lead to a denial of service. The mod_dav_svn Apache HTTPD server module may in certain scenarios enter a logic loop which does not exit and which allocates emory in each iteration, ultimately exhausting all the available emory on the server which can lead to a denial of service. The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-1752, CVE-2011-1783, CVE-2011-1921
MD5 | 33f2fcb4f1ab29e8c932610e81f51684
Debian Security Advisory 2251-1
Posted Jun 2, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2251-1 - Several vulnerabilities were discovered in Subversion, the version control system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-1752, CVE-2011-1783, CVE-2011-1921
MD5 | e6ac763601f8bca6bab0b28c7ad0409b
Page 1 of 1
Back1Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    2 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    16 Files
  • 13
    Feb 13th
    19 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    20 Files
  • 20
    Feb 20th
    34 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close