Denial of Service and Sensitive Data Exposure in Apache Subversion
CVE-2013-4246

8.8 HIGH

Key Information:

Vendor: Apache
CVE Published: 30 October 2017

Summary

A vulnerability in Apache Subversion's FSFS storage format could be exploited by remote authenticated users with commit access. By manipulating packed revision properties, attackers can corrupt FSFS repositories, leading to potential service disruption and unauthorized access to sensitive information. It is recommended to update to version 1.8.2 or later to mitigate this risk.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
