Denial of Service Vulnerability in Apache HTTPD Server Module - Subversion Affected Products
CVE-2013-4558

Currently unrated

Key Information:

Vendor: Apache
Status: Subversion; Mod Dav Svn
Vendor: CVE Published:; 7 December 2013

What is CVE-2013-4558?

A vulnerability exists within the get_parent_resource function of the mod_dav_svn module in Apache HTTPD server, specifically for Subversion versions 1.7.11 up to 1.7.13 and 1.8.1 up to 1.8.4. When assertions are enabled, and SVNAutoversioning is activated, attackers can exploit this weakness by sending requests containing non-canonical URLs—such as those that end with a trailing slash. This may lead to denial of service through assertion failures, causing the Apache process to abort and resulting in interrupted services.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1033431

x_refsource_CONFIRM

http://subversion.apache.org/security/CVE-2013-4558-advis...

x_refsource_CONFIRM

http://osvdb.org/100363

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2013
Vulnerability Reserved
Jun 12, 2013