CVE-2019-0203 - Improper Handling of Exceptional Conditions vulnerability in Apache Subversion
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2019-2512.NASL
description: From Red Hat Security Advisory 2019:2512 : An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix(es) : * subversion: NULL pointer dereference in svnserve leading to an unauthenticated remote DoS (CVE-2019-0203) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127984
published: 2019-08-20
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127984
title: Oracle Linux 8 : subversion:1.10 (ELSA-2019-2512)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-4490.NASL
description: Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-11782 Ace Olszowka reported that the Subversion
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127486
published: 2019-08-12
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127486
title: Debian DSA-4490-1 : subversion - security update

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2020-1513.NASL
description: According to the version of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion
last seen: 2020-05-03
modified: 2020-04-20
plugin id: 135746
published: 2020-04-20
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/135746
title: EulerOS 2.0 SP8 : subversion (EulerOS-SA-2020-1513)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2019-F6BC68E455.NASL
description: This update includes the latest stable release of _Apache Subversion_, version **1.12.2**. This update addresses two security vulnerabilities in **svnserve**, `CVE-2018-11782` and `CVE-2019-0203`. For more information, see : http://subversion.apache.org/security/CVE-2018-11782-advisory.txt http://subversion.apache.org/security/CVE-2019-0203-advisory.txt ## User-visible changes : - Fix conflict resolver bug: local and incoming edits swapped. - Fix memory lifetime problem in a libsvn_wc error code path. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127538
published: 2019-08-12
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127538
title: Fedora 30 : subversion (2019-f6bc68e455)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2019-2512.NASL
description: An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix(es) : * subversion: NULL pointer dereference in svnserve leading to an unauthenticated remote DoS (CVE-2019-0203) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-05-23
modified: 2019-08-20
plugin id: 127992
published: 2019-08-20
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127992
title: RHEL 8 : subversion:1.10 (RHSA-2019:2512)

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2019-3_0-0035_SUBVERSION.NASL
description: An update of the subversion package has been released.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 130104
published: 2019-10-22
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130104
title: Photon OS 3.0: Subversion PHSA-2019-3.0-0035

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2019-1317.NASL
description: In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 130610
published: 2019-11-07
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130610
title: Amazon Linux AMI : subversion (ALAS-2019-1317)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2019-2031-1.NASL
description: This update for subversion to version 1.10.6 fixes the following issues : Security issues fixed : CVE-2018-11782: Fixed a remote denial of service in svnserve
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127760
published: 2019-08-12
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127760
title: SUSE SLED15 / SLES15 Security Update : subversion (SUSE-SU-2019:2031-1)

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2019-2_0-0182_SUBVERSION.NASL
description: An update of the subversion package has been released.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 130117
published: 2019-10-22
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130117
title: Photon OS 2.0: Subversion PHSA-2019-2.0-0182

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-4082-1.NASL
description: Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service. (CVE-2018-11782) Tomas Bortoli discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service. (CVE-2019-0203). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127799
published: 2019-08-12
reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127799
title: Ubuntu 16.04 LTS : subversion vulnerabilities (USN-4082-1)

NASL family: Windows
NASL id: SUBVERSION_1_12_1.NASL
description: The installed version of Subversion Server is prior to 1.9.11, 1.10.x prior to 1.10.5, 1.11.x or 1.12.x prior to 1.12.1 and is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) vulnerability exists in Subversion
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127137
published: 2019-08-12
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127137
title: Apache Subversion < 1.9.11 / 1.10.x < 1.10.5 / 1.11.x / 1.12.x < 1.12.1 Multiple Vulnerabilities

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-1903.NASL
description: Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2018-11782 Ace Olszowka reported that the Subversion
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 128395
published: 2019-08-30
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/128395
title: Debian DLA-1903-1 : subversion security update

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2019-1910.NASL
description: This update for subversion to version 1.10.6 fixes the following issues : Security issues fixed : - CVE-2018-11782: Fixed a remote denial of service in svnserve
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 128002
published: 2019-08-20
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/128002
title: openSUSE Security Update : subversion (openSUSE-2019-1910)
Redhat