Vulnerabilities > Apache > Subversion > 1.6.12
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-05-02 | CVE-2013-1846 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. | 4.0 |
| 2013-05-02 | CVE-2013-1845 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. | 2.1 |
| 2011-06-06 | CVE-2011-1921 | Permissions, Privileges, and Access Controls vulnerability in Apache Subversion The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation. | 4.3 |
| 2011-06-06 | CVE-2011-1783 | Resource Management Errors vulnerability in Apache Http Server and Subversion The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. | 4.3 |
| 2011-06-06 | CVE-2011-1752 | Denial of Service and Information Disclosure vulnerability in Subversion 'mod_dav_svn' The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. | 5.0 |
| 2011-03-11 | CVE-2011-0715 | Denial Of Service vulnerability in Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. network apache | 4.3 |
| 2010-10-04 | CVE-2010-3315 | Configuration vulnerability in Apache Subversion authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. | 6.0 |