Access Restrictions Bypass in Apache Subversion by Vendor Apache
CVE-2013-4505

Currently unrated

Key Information:

Vendor: Apache
Status: Mod Dontdothat; Subversion
Vendor: CVE Published:; 7 December 2013

Summary

The 'is_this_legal' function within the 'mod_dontdothat' module of Apache Subversion from versions 1.4.0 to 1.8.4 allows remote attackers to bypass established access restrictions. This is achieved through the manipulation of relative URLs in REPORT requests, which may lead to potential denial of service due to resource consumption. Users of affected Subversion versions should apply patches or workarounds to mitigate the risk of unauthorized access and service disruptions.

References

http://secunia.com/advisories/55855

third-party-advisoryx_refsource_SECUNIA

http://subversion.apache.org/security/CVE-2013-4505-advis...

x_refsource_CONFIRM

http://osvdb.org/100364

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Dec 7, 2013
Vulnerability Reserved
Jun 12, 2013