Apache · Subversion · CVE-2013-4558
**Name of the Vulnerable Software and Affected Versions**
Subversion versions 1.7.11 through 1.7.13
Subversion versions 1.8.1 through 1.8.4
**Description**
The issue allows remote attackers to cause a denial of service, resulting in an assertion failure and Apache process abort, via a non-canonical URL in a request. This can be demonstrated using a trailing `/`. The problem occurs when the `get_parent_resource` function in `repos.c` is used with assertions enabled and `SVNAutoversioning` is enabled.
**Recommendations**
For Subversion versions 1.7.11 through 1.7.13, consider disabling `SVNAutoversioning` to minimize the risk of exploitation until a patch is available.
For Subversion versions 1.8.1 through 1.8.4, consider disabling `SVNAutoversioning` to minimize the risk of exploitation until a patch is available.
As a temporary workaround, consider restricting access to non-canonical URLs to prevent the denial of service.
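
An added example (not from the advisory or the Subversion project): a small audit script that checks whether an installed version falls in the affected ranges listed above and which `<Location>` blocks of an Apache configuration turn `SVNAutoversioning` on. The configuration text, paths and function names are constructed for illustration.

```python
import re

# Affected ranges as listed on this page (inclusive bounds).
AFFECTED = [((1, 7, 11), (1, 7, 13)), ((1, 8, 1), (1, 8, 4))]

def is_affected(version):
    """True if a 'major.minor.patch' Subversion version is in a listed range."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    v = tuple(int(p) for p in m.groups())
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def autoversioning_locations(conf_text):
    """Return paths of <Location>/<LocationMatch> blocks with SVNAutoversioning on."""
    hits, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and comments
            continue
        opened = re.match(r'<Location(?:Match)?\s+"?([^\s">]+)"?\s*>', line, re.I)
        if opened:
            current = opened.group(1)
        elif re.match(r"</Location(?:Match)?\s*>", line, re.I):
            current = None
        elif current and re.match(r"SVNAutoversioning\s+on\b", line, re.I):
            hits.append(current)                  # directive defaults to off
    return hits

def exposed_locations(version, conf_text):
    """Locations to fix: only relevant when the version is in an affected range."""
    return autoversioning_locations(conf_text) if is_affected(version) else []

# Constructed sample configuration (hypothetical paths), not taken from the page.
SAMPLE_CONF = """
<Location /svn>
  DAV svn
  SVNParentPath /var/svn
  SVNAutoversioning on
</Location>
<Location "/svn-ro">
  DAV svn
  # SVNAutoversioning on
  SVNAutoversioning Off
</Location>
"""

if __name__ == "__main__":
    print(exposed_locations("1.8.4", SAMPLE_CONF))
```

The script reads only the text it is given; `Include`d files have to be passed in separately.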