PT-2013-5073 · Apache+1 · Subversion+1

Philip Martin · Published 2013-11-30 · Updated 2024-06-15 · CVE-2013-4558

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Subversion versions 1.7.11 through 1.7.13
Subversion versions 1.8.1 through 1.8.4

Description

The issue allows remote attackers to cause a denial of service (an assertion failure and Apache process abort) via a non-canonical URL in a request. This can be demonstrated using a trailing /. The problem occurs in the get_parent_resource function in repos.c when assertions are enabled and SVNAutoversioning is enabled.

Recommendations

For Subversion versions 1.7.11 through 1.7.13, consider disabling SVNAutoversioning to minimize the risk of exploitation until a patch is available.
For Subversion versions 1.8.1 through 1.8.4, consider disabling SVNAutoversioning to minimize the risk of exploitation until a patch is available.
As a temporary workaround, consider restricting access to non-canonical URLs to prevent the denial of service.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2013-4558
MGASA-2013-0360
OPENSUSE-SU-2024:10538-1
SUSE-SU-2015:0709-1

Affected Products

Subversion
Suse