Detections
Analytics

Apache Subversion 1.6.x / 1.7.x / 1.8.x < 1.6.23 / 1.7.11 / 1.8.1 Multiple Vulnerabilities

high Nessus Plugin ID 71566

Language:

Synopsis

The remote host has an application that is affected by multiple vulnerabilities.

Description

The installed version of Subversion Server is affected by the following vulnerabilities :

 - An input validation error exists in two files in the 'contrib/' directory that could allow arbitrary code execution. Note that this issue does not affect version 1.8.0. (CVE-2013-2088)

 - An error exists related to the 'mod_dav_svn' Apache module that could allow denial of service attacks. Note that this issue does not affect the 1.6.x branch.
 (CVE-2013-4131)

Solution

Upgrade to Subversion Server 1.6.23 / 1.7.11 / 1.8.1 or later, or apply the vendor patches or workarounds.

See Also

http://subversion.apache.org/security/CVE-2013-2088-advisory.txt

http://subversion.apache.org/security/CVE-2013-4131-advisory.txt

Plugin Details

Severity: High

ID: 71566

File Name: subversion_1_8_1.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 12/20/2013

Updated: 7/30/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:apache:subversion

Required KB Items: Settings/ParanoidReport, installed_sw/Subversion Server

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/24/2013

Vulnerability Publication Date: 5/31/2013

Reference Information

CVE: CVE-2013-2088, CVE-2013-4131

BID: 60265, 61454