PT-2014-5403 · Apache+5 · Apache Subversion+5

Published

2014-12-17

Updated

2024-06-15

CVE-2014-3580

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Apache Subversion versions 1.x prior to 1.7.19 Apache Subversion versions 1.8.x prior to 1.8.11

Description The issue allows remote attackers to cause a denial of service, resulting in a server crash due to a NULL pointer dereference. This can be achieved by sending a REPORT request for a resource that does not exist or for some malformed URIs.

Recommendations For Apache Subversion versions 1.x prior to 1.7.19, update to version 1.7.19 or later. For Apache Subversion versions 1.8.x prior to 1.8.11, update to version 1.8.11 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2015-1708

CESA-2015_0165

CESA-2015_0166

CVE-2014-3580

DLA-119-1

DSA-3107-1

MGASA-2014-0545

OPENSUSE-SU-2024:10538-1

RHSA-2015:0165

RHSA-2015:0166

RHSA-2015_0165

RHSA-2015_0166

SUSE-SU-2015:0709-1

SUSE-SU-2015_0153-1

SUSE-SU-2015_0155-2

SUSE-SU-2017:2200-1

SUSE-SU-2017_2200-1

USN-2721-1

Affected Products

Alt Linux

Apache Subversion

Centos

Red Hat

Suse

Ubuntu

PT-2014-5403 · Apache+5 · Apache Subversion+5

CVE-2014-3580

Related Identifiers

Affected Products

References · 155