Vulnerabilities > Apache > Subversion > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-12 CVE-2021-28544 Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules.
network
low complexity
apache debian fedoraproject apple
4.3
2019-09-26 CVE-2018-11782 Improper Input Validation vulnerability in Apache Subversion
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer.
network
low complexity
apache CWE-20
6.5
2017-10-16 CVE-2016-8734 Resource Exhaustion vulnerability in multiple products
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion.
network
low complexity
apache debian CWE-400
6.5
2016-05-05 CVE-2016-2168 Unspecified vulnerability in Apache Subversion
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.
network
low complexity
apache
6.5
2016-05-05 CVE-2016-2167 Improper Access Control vulnerability in Apache Subversion
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.
network
high complexity
apache CWE-284
6.8