Apache Subversion 1.7.x < 1.7.19 / 1.8.x < 1.8.11 Multiple Remote DoS

medium Nessus Plugin ID 80864

Synopsis

The remote host is affected by multiple remote denial of service vulnerabilities.

Description

The remote host is running a version of Apache SVN 1.7.x prior to 1.7.19 or 1.8.x prior to 1.8.11. It is, therefore, affected by multiple denial of service vulnerabilities:

- A NULL pointer dereference flaw exists in 'mod_dav_svn' that is triggered when handling REPORT requests. A remote attacker, using a specially crafted request, can cause the listener process to crash. (CVE-2014-3580)

- A NULL pointer dereference flaw exists in 'mod_dav_svn' that is triggered when handling requests for non-existent virtual transaction names. A remote attacker, using a specially crafted request, can cause the listener process to crash. (CVE-2014-8108)

Solution

Upgrade to Subversion 1.7.19 / 1.8.11 or later.

See Also

http://subversion.apache.org/security/CVE-2014-3580-advisory.txt

http://subversion.apache.org/security/CVE-2014-8108-advisory.txt

Plugin Details

Severity: Medium

ID: 80864

File Name: apache_mod_dav_svn_remote_dos.nasl

Version: 1.4

Type: remote

Family: Web Servers

Published: 1/20/2015

Updated: 6/27/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:apache:subversion

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 12/15/2014

Vulnerability Publication Date: 12/13/2014

Reference Information

CVE: CVE-2014-3580, CVE-2014-8108

BID: 71725, 71726