Vulnerabilities > CVE-2014-8108 - Remote Denial of Service vulnerability in Apache Subversion
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>
Vulnerable Configurations
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-0166.NASL description Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server last seen 2020-06-01 modified 2020-06-02 plugin id 81278 published 2015-02-11 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81278 title CentOS 7 : subversion (CESA-2015:0166) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:0166 and # CentOS Errata and Security Advisory 2015:0166 respectively. # include("compat.inc"); if (description) { script_id(81278); script_version("1.7"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2014-3528", "CVE-2014-3580", "CVE-2014-8108"); script_xref(name:"RHSA", value:"2015:0166"); script_name(english:"CentOS 7 : subversion (CESA-2015:0166)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol." ); # https://lists.centos.org/pipermail/centos-announce/2015-February/020931.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f3bc739f" ); script_set_attribute( attribute:"solution", value:"Update the affected subversion packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3580"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mod_dav_svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-javahl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-kde"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/19"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"mod_dav_svn-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-devel-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-gnome-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-javahl-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-kde-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-libs-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-perl-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-python-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-ruby-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-tools-1.7.14-7.el7_0")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_dav_svn / subversion / subversion-devel / subversion-gnome / etc"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-821.NASL description This Apache Subversion update fixes the following security and non security issues. - Apache Subversion 1.8.11 - This release addresses two security issues: [boo#909935] - CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests. - CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names. - Client-side bugfixes : - checkout/update: fix file externals failing to follow history and subsequently silently failing - patch: don last seen 2020-06-05 modified 2014-12-30 plugin id 80299 published 2014-12-30 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80299 title openSUSE Security Update : subversion (openSUSE-SU-2014:1725-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2014-821. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(80299); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-3580", "CVE-2014-8108"); script_name(english:"openSUSE Security Update : subversion (openSUSE-SU-2014:1725-1)"); script_summary(english:"Check for the openSUSE-2014-821 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This Apache Subversion update fixes the following security and non security issues. - Apache Subversion 1.8.11 - This release addresses two security issues: [boo#909935] - CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests. - CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names. - Client-side bugfixes : - checkout/update: fix file externals failing to follow history and subsequently silently failing - patch: don't skip targets in valid --git difs - diff: make property output in diffs stable - diff: fix diff of local copied directory with props - diff: fix changelist filter for repos-WC and WC-WC - remove broken conflict resolver menu options that always error out - improve gpg-agent support - fix crash in eclipse IDE with GNOME Keyring - fix externals shadowing a versioned directory - fix problems working on unix file systems that don't support permissions - upgrade: keep external registrations - cleanup: iprove performance of recorded timestamp fixups - translation updates for German - Server-side bugfixes : - disable revprop caching feature due to cache invalidation problems - skip generating uniquifiers if rep-sharing is not supported - mod_dav_svn: reject requests with missing repository paths - mod_dav_svn: reject requests with invalid virtual transaction names - mod_dav_svn: avoid unneeded memory growth in resource walking" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=909935" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-12/msg00107.html" ); script_set_attribute( attribute:"solution", value:"Update the affected subversion packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-bash-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-perl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-python-ctypes"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-python-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-ruby-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.3|SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1 / 13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.3", reference:"libsvn_auth_gnome_keyring-1-0-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libsvn_auth_gnome_keyring-1-0-debuginfo-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libsvn_auth_kwallet-1-0-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libsvn_auth_kwallet-1-0-debuginfo-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"subversion-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"subversion-bash-completion-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"subversion-debuginfo-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"subversion-debugsource-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"subversion-devel-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"subversion-perl-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"subversion-perl-debuginfo-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"subversion-python-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"subversion-python-debuginfo-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"subversion-server-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"subversion-server-debuginfo-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"subversion-tools-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"subversion-tools-debuginfo-1.7.19-2.40.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsvn_auth_gnome_keyring-1-0-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsvn_auth_kwallet-1-0-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsvn_auth_kwallet-1-0-debuginfo-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"subversion-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"subversion-bash-completion-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"subversion-debuginfo-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"subversion-debugsource-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"subversion-devel-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"subversion-perl-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"subversion-perl-debuginfo-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"subversion-python-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"subversion-python-debuginfo-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"subversion-ruby-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"subversion-ruby-debuginfo-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"subversion-server-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"subversion-server-debuginfo-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"subversion-tools-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"subversion-tools-debuginfo-1.8.11-2.33.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libsvn_auth_gnome_keyring-1-0-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libsvn_auth_kwallet-1-0-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libsvn_auth_kwallet-1-0-debuginfo-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-bash-completion-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-debuginfo-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-debugsource-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-devel-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-perl-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-perl-debuginfo-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-python-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-python-ctypes-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-python-debuginfo-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-ruby-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-ruby-debuginfo-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-server-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-server-debuginfo-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-tools-1.8.11-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"subversion-tools-debuginfo-1.8.11-2.7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsvn_auth_gnome_keyring-1-0 / etc"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2721-1.NASL description It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580) It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8108) Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly handled large numbers of REPORT requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202) Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2015-0248) Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. A remote attacker could use this issue to spoof the svn:author property. (CVE-2015-0251) C. Michael Pilato discovered that the Subversion mod_dav_svn module incorrectly restricted anonymous access. A remote attacker could use this issue to read hidden files via the path name. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184) C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. A remote attacker could use this issue to obtain sensitive path information. (CVE-2015-3187). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 85579 published 2015-08-21 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85579 title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : subversion vulnerabilities (USN-2721-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2721-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(85579); script_version("2.6"); script_cvs_date("Date: 2019/09/18 12:31:44"); script_cve_id("CVE-2014-3580", "CVE-2014-8108", "CVE-2015-0202", "CVE-2015-0248", "CVE-2015-0251", "CVE-2015-3184", "CVE-2015-3187"); script_xref(name:"USN", value:"2721-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : subversion vulnerabilities (USN-2721-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580) It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8108) Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly handled large numbers of REPORT requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202) Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2015-0248) Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. A remote attacker could use this issue to spoof the svn:author property. (CVE-2015-0251) C. Michael Pilato discovered that the Subversion mod_dav_svn module incorrectly restricted anonymous access. A remote attacker could use this issue to read hidden files via the path name. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184) C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. A remote attacker could use this issue to obtain sensitive path information. (CVE-2015-3187). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2721-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected libapache2-svn, libsvn1 and / or subversion packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:subversion"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/18"); script_set_attribute(attribute:"patch_publication_date", value:"2015/08/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04|14\.04|15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"libapache2-svn", pkgver:"1.6.17dfsg-3ubuntu3.5")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libsvn1", pkgver:"1.6.17dfsg-3ubuntu3.5")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"subversion", pkgver:"1.6.17dfsg-3ubuntu3.5")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libapache2-svn", pkgver:"1.8.8-1ubuntu3.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libsvn1", pkgver:"1.8.8-1ubuntu3.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"subversion", pkgver:"1.8.8-1ubuntu3.2")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"libapache2-svn", pkgver:"1.8.10-5ubuntu1.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"libsvn1", pkgver:"1.8.10-5ubuntu1.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"subversion", pkgver:"1.8.10-5ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-svn / libsvn1 / subversion"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-0166.NASL description From Red Hat Security Advisory 2015:0166 : Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server last seen 2020-06-01 modified 2020-06-02 plugin id 81289 published 2015-02-11 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81289 title Oracle Linux 7 : subversion (ELSA-2015-0166) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:0166 and # Oracle Linux Security Advisory ELSA-2015-0166 respectively. # include("compat.inc"); if (description) { script_id(81289); script_version("1.8"); script_cvs_date("Date: 2019/09/27 13:00:36"); script_cve_id("CVE-2014-3528", "CVE-2014-3580", "CVE-2014-8108"); script_bugtraq_id(68995, 71725, 71726); script_xref(name:"RHSA", value:"2015:0166"); script_name(english:"Oracle Linux 7 : subversion (ELSA-2015-0166)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2015:0166 : Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2015-February/004840.html" ); script_set_attribute( attribute:"solution", value:"Update the affected subversion packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mod_dav_svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-javahl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-kde"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/19"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mod_dav_svn-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-devel-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-gnome-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-javahl-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-kde-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-libs-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-perl-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-python-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-ruby-1.7.14-7.el7_0")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-tools-1.7.14-7.el7_0")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_dav_svn / subversion / subversion-devel / subversion-gnome / etc"); }NASL family Web Servers NASL id APACHE_MOD_DAV_SVN_REMOTE_DOS.NASL description The remote host is running a version of Apache SVN 1.7.x prior to 1.7.19 or 1.8.x prior to 1.8.11. It is, therefore, affected by multiple denial of service vulnerabilities : - A NULL pointer dereference flaw exists in last seen 2020-06-01 modified 2020-06-02 plugin id 80864 published 2015-01-20 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80864 title Apache Subversion 1.7.x < 1.7.19 / 1.8.x < 1.8.11 Multiple Remote DoS code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(80864); script_version("1.4"); script_cvs_date("Date: 2018/06/27 18:42:26"); script_cve_id("CVE-2014-3580", "CVE-2014-8108"); script_bugtraq_id(71725, 71726); script_name(english:"Apache Subversion 1.7.x < 1.7.19 / 1.8.x < 1.8.11 Multiple Remote DoS"); script_summary(english:"Checks target for vulnerable mod_dav svn."); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by multiple remote denial of service vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Apache SVN 1.7.x prior to 1.7.19 or 1.8.x prior to 1.8.11. It is, therefore, affected by multiple denial of service vulnerabilities : - A NULL pointer dereference flaw exists in 'mod_dav_svn' that is triggered when handling REPORT requests. A remote attacker, using a specially crafted request, can cause the listener process to crash. (CVE-2014-3580) - A NULL pointer dereference flaw exists in 'mod_dav_svn' that is triggered when handling requests for non-existent virtual transaction names. A remote attacker, using a specially crafted request, can cause the listener process to crash. (CVE-2014-8108)"); script_set_attribute(attribute:"see_also", value:"http://subversion.apache.org/security/CVE-2014-3580-advisory.txt"); script_set_attribute(attribute:"see_also", value:"http://subversion.apache.org/security/CVE-2014-8108-advisory.txt"); script_set_attribute(attribute:"solution", value:"Upgrade to Subversion 1.7.19 / 1.8.11 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:subversion"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/13"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Web Servers"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); app_name = "Apache mod_dav_svn"; port = get_http_port(default:80); # some SVN installations have versioning in the # server-response of the HTTP header server_name = http_server_header(port:port); if(isnull(server_name)) audit(AUDIT_WEB_NO_SERVER_HEADER, port); # check to see if host is running the apache web server if ('Apache' >!< server_name) audit(AUDIT_NOT_LISTEN, app_name, port); source = NULL; version = UNKNOWN_VER; fix = ""; # The raw strings below are needed for # installations where SVN is not included in the # HTTP server-response field svn = 'SVN/'; subversion = 'Subversion'; visualsvn = '<svn version='; pattern = "SVN/([0-9]\.[0-9]\.[0-9][0-9])"; item = eregmatch(pattern:pattern, string:server_name); source = server_name; version = item[1]; # For subversion installations where SVN # is not found in the server-response if (svn >!< server_name) { # if SVN isn't found in the server-response of the HTTP header we use a brute method # most subversion installations use /svn by default including VisualSVN for Windows # and Apache Subversion docs use /svn as well. uri = make_list( '/subversion', '/repository', '/svnrepo', '/repo', '/svn/', '/!/#', '/' ); lnk = ""; for (i = 0; i < max_index(uri); i++ ) { # brute force approach: is mod dav svn enabled on apache server resp = http_send_recv3(method: 'GET', item:uri[i], port:port); # we land here if server-response yields nothing but subversion # is detected in the footer of the html body in the HTTP response if ((svn) >< resp[1]+resp[2] || (subversion) >< resp[1]+resp[2]) { pattern = "Subversion<\/a> version ([0-9]\.[0-9]\.[0-9]+[0-9])"; item = eregmatch(pattern:pattern, string:resp[2]); version = item[2]; lnk = uri[i]; } # we land here if the server-response yields nothing but visualsvn # is found in the body of the HTTP response. if ((visualsvn) >< resp[1]+resp[2]) { pattern = '<svn version=\"([0-9]\\.[0-9]\\.[0-9]+[0-9])'; item = eregmatch(pattern:pattern, string:resp[2]); version = item[1]; lnk = uri[i]; } } } if (version =~ "^1\.7\." && ver_compare(ver:version, fix:"1.7.19", strict:FALSE) == -1) fix = "1.7.19"; if (version =~ "^1\.8\." && ver_compare(ver:version, fix:"1.8.11", strict:FALSE) == -1) fix = "1.8.11"; if (fix != "") { url = build_url(port:port, qs:url+lnk); source += ' with mod_dav_svn enabled'; if (report_verbosity > 0) { report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n Request URL : ' + url + '\n'; security_warning(port:port, extra:report); } else security_warning(port:port); } else audit(AUDIT_LISTEN_NOT_VULN, app_name, port);NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-005.NASL description Updated subversion packages fix security vulnerabilities : A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580). A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash (CVE-2014-8108). last seen 2020-06-01 modified 2020-06-02 plugin id 80386 published 2015-01-06 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80386 title Mandriva Linux Security Advisory : subversion (MDVSA-2015:005) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2015:005. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(80386); script_version("1.5"); script_cvs_date("Date: 2019/08/02 13:32:56"); script_cve_id("CVE-2014-3580", "CVE-2014-8108"); script_bugtraq_id(71725, 71726); script_xref(name:"MDVSA", value:"2015:005"); script_name(english:"Mandriva Linux Security Advisory : subversion (MDVSA-2015:005)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated subversion packages fix security vulnerabilities : A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580). A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash (CVE-2014-8108)." ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0545.html" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_dav_svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64svn-gnome-keyring0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64svn0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64svnjavahl1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-SVN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-svn-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-svn-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-svn-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-gnome-keyring-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:svn-javahl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2015/01/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"apache-mod_dav_svn-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64svn-gnome-keyring0-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64svn0-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64svnjavahl1-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perl-SVN-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perl-svn-devel-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"python-svn-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"python-svn-devel-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"ruby-svn-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"ruby-svn-devel-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-devel-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-doc-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-gnome-keyring-devel-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-server-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-tools-1.7.19-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"svn-javahl-1.7.19-1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_F5561ADE846C11E4B7A720CF30E32F6D.NASL description Subversion Project reports : Subversion last seen 2020-06-01 modified 2020-06-02 plugin id 80039 published 2014-12-16 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80039 title FreeBSD : subversion -- DoS vulnerabilities (f5561ade-846c-11e4-b7a7-20cf30e32f6d) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(80039); script_version("1.4"); script_cvs_date("Date: 2018/11/10 11:49:44"); script_cve_id("CVE-2014-3580", "CVE-2014-8108"); script_name(english:"FreeBSD : subversion -- DoS vulnerabilities (f5561ade-846c-11e4-b7a7-20cf30e32f6d)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Subversion Project reports : Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a REPORT request for some invalid formatted special URIs. Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a request for some invalid formatted special URIs. We consider this to be a medium risk vulnerability. Repositories which allow for anonymous reads will be vulnerable without authentication. Unfortunately, no special configuration is required and all mod_dav_svn servers are vulnerable." ); script_set_attribute( attribute:"see_also", value:"http://subversion.apache.org/security/CVE-2014-3580-advisory.txt" ); script_set_attribute( attribute:"see_also", value:"http://subversion.apache.org/security/CVE-2014-8108-advisory.txt" ); # https://vuxml.freebsd.org/freebsd/f5561ade-846c-11e4-b7a7-20cf30e32f6d.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2200f32f" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mod_dav_svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:subversion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:subversion16"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:subversion17"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/13"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"mod_dav_svn>=1.8.0<1.8.11")) flag++; if (pkg_test(save_report:TRUE, pkg:"subversion16>=1.0.0<1.7.19")) flag++; if (pkg_test(save_report:TRUE, pkg:"subversion17>=1.0.0<1.7.19")) flag++; if (pkg_test(save_report:TRUE, pkg:"subversion>=1.0.0<1.7.19")) flag++; if (pkg_test(save_report:TRUE, pkg:"subversion>=1.8.0<1.8.11")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family MacOS X Local Security Checks NASL id MACOSX_XCODE_6_2.NASL description The Apple Xcode installed on the remote Mac OS X host is prior to version 6.2. It is, therefore, affected by the following vulnerabilities : - Numerous errors exist related to the bundled version of Apache Subversion. (CVE-2014-3522, CVE-2014-3528, CVE-2014-3580, CVE-2014-8108) - An error exists related to the bundled version of Git that allows arbitrary files to be added to the .git folder. (CVE-2014-9390) last seen 2020-05-06 modified 2015-03-11 plugin id 81758 published 2015-03-11 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81758 title Apple Xcode < 6.2 (Mac OS X) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-555.NASL description A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) last seen 2020-06-01 modified 2020-06-02 plugin id 84372 published 2015-06-25 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84372 title Amazon Linux AMI : mod_dav_svn / subversion (ALAS-2015-555) NASL family Scientific Linux Local Security Checks NASL id SL_20150210_SUBVERSION_ON_SL7_X.NASL description A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server last seen 2020-03-18 modified 2015-02-12 plugin id 81310 published 2015-02-12 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81310 title Scientific Linux Security Update : subversion on SL7.x x86_64 (20150210) NASL family Fedora Local Security Checks NASL id FEDORA_2014-17118.NASL description This update includes the latest stable release of **Apache Subversion**, version **1.8.11**. Two security issues in mod_dav_svn are addressed in this release (CVE-2014-8108, CVE-2014-3580). For more details, see : http://subversion.apache.org/security/CVE-2014-8108-advisory.txt http://subversion.apache.org/security/CVE-2014-3580-advisory.txt **Client-side bugfixes:** - checkout/update: fix file externals failing to follow history and subsequently silently failing http://subversion.tigris.org/issues/show_bug.cgi?id=4185 - patch: don last seen 2020-03-17 modified 2015-01-06 plugin id 80373 published 2015-01-06 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80373 title Fedora 21 : subversion-1.8.11-1.fc21 (2014-17118) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0166.NASL description Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server last seen 2020-06-01 modified 2020-06-02 plugin id 81293 published 2015-02-11 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81293 title RHEL 7 : subversion (RHSA-2015:0166) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-085.NASL description Updated subversion packages fix security vulnerabilities : The mod_dav_svn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via an OPTIONS request (CVE-2014-0032). Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications (CVE-2014-3522). Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server (CVE-2014-3528). A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580). A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash (CVE-2014-8108). last seen 2020-06-01 modified 2020-06-02 plugin id 82338 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82338 title Mandriva Linux Security Advisory : subversion (MDVSA-2015:085) NASL family Fedora Local Security Checks NASL id FEDORA_2014-17222.NASL description This update includes the latest stable release of **Apache Subversion**, version **1.8.11**. Two security issues in mod_dav_svn are addressed in this release (CVE-2014-8108, CVE-2014-3580). For more details, see : http://subversion.apache.org/security/CVE-2014-8108-advisory.txt http://subversion.apache.org/security/CVE-2014-3580-advisory.txt **Client-side bugfixes:** - checkout/update: fix file externals failing to follow history and subsequently silently failing http://subversion.tigris.org/issues/show_bug.cgi?id=4185 - patch: don last seen 2020-03-17 modified 2015-01-06 plugin id 80375 published 2015-01-06 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80375 title Fedora 20 : subversion-1.8.11-1.fc20 (2014-17222)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
- http://rhn.redhat.com/errata/RHSA-2015-0166.html
- http://secunia.com/advisories/61131
- http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
- http://www.securityfocus.com/bid/71725
- http://www.ubuntu.com/usn/USN-2721-1
- https://support.apple.com/HT204427