PT-2019-2982 · Apache+8 · Apache Subversion+8

Ace Olszowka · Published 2019-07-31 · Updated 2024-06-15 · CVE-2018-11782

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache Subversion versions up to and including 1.9.10
Apache Subversion versions up to and including 1.10.4
Apache Subversion versions up to and including 1.12.0

Description

The issue arises due to insufficient input validation in the svnserve server process of the Subversion centralized version control system. This can be exploited by a remote attacker to cause a denial of service, disrupting the server's operation. When a well-formed read-only request produces a particular answer, Subversion's svnserve server process may exit, leading to disruption for users of the server.

Recommendations

For Apache Subversion version 1.9.10, update to a version later than 1.9.10 to resolve the issue.
For Apache Subversion version 1.10.4, update to a version later than 1.10.4 to resolve the issue.
For Apache Subversion version 1.12.0, update to a version later than 1.12.0 to resolve the issue.

Fix

RCE

Weakness Enumeration

Related Identifiers

ALSA-2020:4712
ALT-PU-2020-1641
ALT-PU-2020-2914
BDU:2019-02960
CESA-2020_3972
CESA-2020_4712
CVE-2018-11782
DLA-1903-1
DSA-4490-1
MGASA-2019-0243
OPENSUSE-SU-2019:1910-1
OPENSUSE-SU-2019_1910-1
OPENSUSE-SU-2024:11412-1
RHSA-2020:3972
RHSA-2020:4712
RHSA-2020_3972
RHSA-2020_4712
RLSA-2020:4712
SUSE-SU-2019:2031-1
SUSE-SU-2019:2032-1
SUSE-SU-2019_2031-1
SUSE-SU-2019_2032-1
USN-4082-1
USN-4082-2
USN-5445-1

Affected Products

ALT Linux
AlmaLinux
Apache Subversion
CentOS
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu