Denial of Service Vulnerability in Subversion by Apache Software Foundation
CVE-2015-0248

Currently unrated

Key Information:

Vendor: Apache
Status: Subversion
Vendor: CVE Published:; 8 April 2015

What is CVE-2015-0248?

The mod_dav_svn and svnserve components in specific versions of Subversion are vulnerable to a denial of service attack. Attackers can exploit crafted parameter combinations that relate to dynamically evaluated revision numbers, resulting in an assertion failure that causes the service to abort. This vulnerability can impact the availability of Subversion services, allowing remote attackers to disrupt intended operations and accessibility.

References

http://rhn.redhat.com/errata/RHSA-2015-1742.html

vendor-advisoryx_refsource_REDHAT

http://www.debian.org/security/2015/dsa-3231

vendor-advisoryx_refsource_DEBIAN

http://rhn.redhat.com/errata/RHSA-2015-1633.html

vendor-advisoryx_refsource_REDHAT

EPSS Score

14% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2015
Vulnerability Reserved
Nov 18, 2014