what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2014-8108

Status Candidate

Overview

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.

Related Files

Ubuntu Security Notice USN-2721-1
Posted Aug 21, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2721-1 - It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3580, CVE-2014-8108, CVE-2015-0202, CVE-2015-0248, CVE-2015-0251, CVE-2015-3184, CVE-2015-3187
SHA-256 | bf924d06c07de07ad62f90ddaca26ec6d2f16b7478d76f99c2a041bc556bda43
Apple Security Advisory 2015-03-09-4
Posted Mar 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-09-4 - Xcode 6.2 is now available and addresses spoofing and validation checking issues.

tags | advisory, spoof
systems | apple
advisories | CVE-2014-3522, CVE-2014-3528, CVE-2014-3580, CVE-2014-8108, CVE-2014-9390
SHA-256 | 4a50eb3c136fe092fc8abd8396cccba8eb128f4a15cfe7c70ec4f0d941b01848
Red Hat Security Advisory 2015-0166-01
Posted Feb 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0166-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2014-3528, CVE-2014-3580, CVE-2014-8108
SHA-256 | 14ceb39b1255e0e10f6f24ed01245c9f79aba9bce5d54637ab1fcd4c09d61d42
Mandriva Linux Security Advisory 2015-005
Posted Jan 6, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-005 - A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn. A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-3580, CVE-2014-8108
SHA-256 | d13ea010371425cf8a9fd6eb8987085bef55351cbb1da6f338800d6a56ee2ebd
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close