Описание
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.9.7-4ubuntu1.1 |
| devel | not-affected | 1.14.1-1 |
| esm-apps/bionic | released | 1.9.7-4ubuntu1.1 |
| esm-apps/focal | released | 1.13.0-3ubuntu0.2 |
| esm-apps/jammy | not-affected | 1.14.1-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | released | 1.9.3-2ubuntu1.3+esm1 |
| focal | released | 1.13.0-3ubuntu0.2 |
| groovy | ignored | end of life |
| hirsute | not-affected | 1.14.1-1 |
Показывать по
EPSS
4.3 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7
Remote unauthenticated denial-of-service in Subversion mod_authz_svn
Subversion's mod_authz_svn module will crash if the server is using in ...
EPSS
4.3 Medium
CVSS2
7.5 High
CVSS3