PT-2019-2954 · Apache+8 · Apache Subversion+8

Publicado

2019-07-31

·

Atualizado

2024-06-15

·

CVE-2019-0203

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Apache Subversion versions up to and including 1.9.10 Apache Subversion versions up to and including 1.10.4 Apache Subversion versions up to and including 1.12.0
Description The issue is related to the svnserve server process in Apache Subversion, which may exit when a client sends certain sequences of protocol commands, leading to disruption for users of the server. The vulnerability is also associated with a null pointer dereference. Exploitation of the vulnerability can allow a remote attacker to cause a denial of service.
Recommendations For Apache Subversion versions up to and including 1.9.10, update to a version that fixes the issue. For Apache Subversion versions up to and including 1.10.4, update to a version that fixes the issue. For Apache Subversion versions up to and including 1.12.0, update to a version that fixes the issue. As a temporary workaround, consider restricting access to the svnserve server process to minimize the risk of exploitation.

Correção

NULL Pointer Dereference

Improper Handling of Exceptional Conditions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476CWE-755

Identificadores relacionados

ALSA-2019:2512
ALT-PU-2020-1641
ALT-PU-2020-2914
BDU:2019-02929
CESA-2019_2512
CVE-2019-0203
DLA-1903-1
DSA-4490-1
MGASA-2019-0243
OPENSUSE-SU-2019:1910-1
OPENSUSE-SU-2019_1910-1
OPENSUSE-SU-2024:11412-1
RHSA-2019:2512
RHSA-2019_2512
RLSA-2019:2512
SUSE-SU-2019:2031-1
SUSE-SU-2019:2032-1
USN-4082-1
USN-4082-2
USN-5445-1

Produtos afetados

Alt Linux
Almalinux
Apache Subversion
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu