Apache HTTPD Module Vulnerability in Subversion by The Apache Software Foundation
CVE-2018-11803

7.5HIGH

Key Information:

Vendor
Apache
Status
Apache Subversion
Vendor
CVE Published:
5 February 2019

Summary

The mod_dav_svn module of Apache Subversion is vulnerable to a crash scenario that occurs when a client omits the root path during a recursive directory listing operation. This flaw leads to the dereferencing of an uninitialized pointer, potentially disrupting service for users relying on this functionality. Users and administrators should review their use of the affected versions and ensure that proper configurations or patches are applied to mitigate this issue.

Affected Version(s)

Apache Subversion Apache Subversion 1.11.0, 1.10.0 to 1.10.3

References

https://usn.ubuntu.com/3869-1/
vendor-advisoryx_refsource_UBUNTU
https://lists.apache.org/thread.html/fa71074862373c142d26...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/106770
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.