Twenty Year Anniversary
Showing 1 - 8 of 8 RSS Feed

CVE-2015-0251

Status Candidate

Overview

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.

Related Files

Gentoo Linux Security Advisory 201610-05
Posted Oct 12, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-5 - Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code. Versions less than 1.9.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0032, CVE-2014-3504, CVE-2014-3522, CVE-2014-3528, CVE-2015-0202, CVE-2015-0248, CVE-2015-0251, CVE-2015-3184, CVE-2015-3187, CVE-2015-5259, CVE-2016-2167, CVE-2016-2168
MD5 | 916be257dcb1e0d416f288115bbc538f
Apple Security Advisory 2015-09-16-2
Posted Sep 19, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-16-2 - Xcode 7.0 is now available and addresses traffic inspection, access bypass, and various other vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-6394, CVE-2015-0248, CVE-2015-0251, CVE-2015-3185, CVE-2015-5909, CVE-2015-5910
MD5 | ade5a7d6d0447cb57a4dc91a1fdf8ddd
Red Hat Security Advisory 2015-1742-01
Posted Sep 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1742-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server to crash.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2015-0248, CVE-2015-0251, CVE-2015-3184, CVE-2015-3187
MD5 | 5c005fc0c9b61f39851b4d9e769ec00f
Ubuntu Security Notice USN-2721-1
Posted Aug 21, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2721-1 - It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3580, CVE-2014-8108, CVE-2015-0202, CVE-2015-0248, CVE-2015-0251, CVE-2015-3184, CVE-2015-3187
MD5 | c18aa7053ab3060fa8107ba5f8fa27ab
Red Hat Security Advisory 2015-1633-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1633-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server to crash.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2015-0248, CVE-2015-0251, CVE-2015-3187
MD5 | 9ee6112c42f578393b2a686a661880e8
Subversion HTTP Servers svn:author Spoofing
Posted Jun 11, 2015
Authored by Bruno Luiz

Subversion's mod_dav_svn server allows setting arbitrary svn:author property values when committing new revisions. This can be accomplished using a specially crafted sequence of requests. An evil-doer can fake svn:author values on his commits. However, as authorization rules are applied to the evil-doer's true username, forged svn:author values can only happen on commits that touch the paths the evil-doer has write access to.

tags | advisory, arbitrary
advisories | CVE-2015-0251
MD5 | 4d10a37d4cdda913b01f920dc6d7b199
Debian Security Advisory 3231-1
Posted Apr 22, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3231-1 - Several vulnerabilities were discovered in Subversion, a version control system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-0248, CVE-2015-0251
MD5 | c44e7acefb73bf4354e96c9ac7ccf420
Mandriva Linux Security Advisory 2015-192
Posted Apr 3, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-192 - Multiple vulnerabilities has been discovered and corrected in subversion. Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. Subversion HTTP servers allow spoofing svn:author property values for new revisions. The updated packages have been upgraded to the 1.7.20 and 1.8.13 versions where these security flaws has been fixed.

tags | advisory, web, denial of service, spoof, vulnerability
systems | linux, mandriva
advisories | CVE-2015-0202, CVE-2015-0248, CVE-2015-0251
MD5 | 133f2b011d000810debd838ff3282394
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    8 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    32 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    8 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close