Subversion Mod_dav_svn Spoofing Vulnerability in Apache Software
CVE-2015-0251

Currently unrated

Key Information:

Vendor: Apache
Status: Subversion
Vendor: CVE Published:; 8 April 2015

Summary

The mod_dav_svn server in Subversion versions 1.5.0 to 1.8.11 is susceptible to a spoofing vulnerability. This flaw permits remote authenticated users to falsify the svn:author property through a specifically crafted sequence of v1 HTTP protocol requests. This could lead to unauthorized representation of actions, potentially compromising the integrity of the official repository logs and workflows.

References

http://rhn.redhat.com/errata/RHSA-2015-1742.html

vendor-advisoryx_refsource_REDHAT

http://www.debian.org/security/2015/dsa-3231

vendor-advisoryx_refsource_DEBIAN

http://rhn.redhat.com/errata/RHSA-2015-1633.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Apr 8, 2015
Vulnerability Reserved
Nov 18, 2014