Vulnerability Description
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Subversion | <= 1.6.15 |
References
- http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056071.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056072.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056736.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://secunia.com/advisories/43583
- http://secunia.com/advisories/43603Vendor Advisory
- http://secunia.com/advisories/43672
- http://secunia.com/advisories/43794
- http://securitytracker.com/id?1025161
- http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware
- http://subversion.apache.org/security/CVE-2011-0715-advisory.txtVendor Advisory
- http://support.apple.com/kb/HT4723
- http://svn.apache.org/repos/asf/subversion/tags/1.6.16/CHANGES
- http://svn.apache.org/viewvc?view=revision&revision=1071239
FAQ
What is CVE-2011-0715?
CVE-2011-0715 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) v...
How severe is CVE-2011-0715?
CVE-2011-0715 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0715?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Subversion.