ID

VAR-201412-0515


CVE

CVE-2014-3580


TITLE

Apache Subversion of mod_dav_svn Apache HTTPD server Service disruption in modules (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-007292

DESCRIPTION

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apache subversion is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to crash the affected process, causing denial of service conditions. Subversion versions 1.7.0 through 1.7.18 and 1.8.0 through 1.8.10 are affected. Subversion is an open source version control system of the Apache Software Foundation in the United States. The main function of the system is to be compatible with the concurrent version management system (CVS). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFUqoNCmqjQ0CJFipgRAqwFAKCUALR1yu7OcAY6tP4LrYCdhQMJDACg7FG5 zlOOLTc8tjEXNuj5PnqflP0= =huIz -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2721-1 August 20, 2015 subversion vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in Subversion. Software Description: - subversion: Advanced version control system Details: It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 14.04 LTS. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202) Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. (CVE-2015-0248) Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. (CVE-2015-0251) C. Michael Pilato discovered that the Subversion mod_dav_svn module incorrectly restricted anonymous access. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184) C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. (CVE-2015-3187) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libapache2-svn 1.8.10-5ubuntu1.1 libsvn1 1.8.10-5ubuntu1.1 subversion 1.8.10-5ubuntu1.1 Ubuntu 14.04 LTS: libapache2-svn 1.8.8-1ubuntu3.2 libsvn1 1.8.8-1ubuntu3.2 subversion 1.8.8-1ubuntu3.2 Ubuntu 12.04 LTS: libapache2-svn 1.6.17dfsg-3ubuntu3.5 libsvn1 1.6.17dfsg-3ubuntu3.5 subversion 1.6.17dfsg-3ubuntu3.5 In general, a standard system update will make all the necessary changes. 6) - i386, noarch, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:0166-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0166.html Issue date: 2015-02-10 CVE Names: CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 ===================================================================== 1. Summary: Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1125799 - CVE-2014-3528 subversion: credentials leak via MD5 collision 1174054 - CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests 1174057 - CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: subversion-1.7.14-7.el7_0.src.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: subversion-1.7.14-7.el7_0.src.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: subversion-1.7.14-7.el7_0.src.rpm ppc64: mod_dav_svn-1.7.14-7.el7_0.ppc64.rpm subversion-1.7.14-7.el7_0.ppc64.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-libs-1.7.14-7.el7_0.ppc.rpm subversion-libs-1.7.14-7.el7_0.ppc64.rpm s390x: mod_dav_svn-1.7.14-7.el7_0.s390x.rpm subversion-1.7.14-7.el7_0.s390x.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-libs-1.7.14-7.el7_0.s390.rpm subversion-libs-1.7.14-7.el7_0.s390x.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: subversion-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-devel-1.7.14-7.el7_0.ppc.rpm subversion-devel-1.7.14-7.el7_0.ppc64.rpm subversion-gnome-1.7.14-7.el7_0.ppc.rpm subversion-gnome-1.7.14-7.el7_0.ppc64.rpm subversion-javahl-1.7.14-7.el7_0.ppc.rpm subversion-javahl-1.7.14-7.el7_0.ppc64.rpm subversion-kde-1.7.14-7.el7_0.ppc.rpm subversion-kde-1.7.14-7.el7_0.ppc64.rpm subversion-perl-1.7.14-7.el7_0.ppc.rpm subversion-perl-1.7.14-7.el7_0.ppc64.rpm subversion-python-1.7.14-7.el7_0.ppc64.rpm subversion-ruby-1.7.14-7.el7_0.ppc.rpm subversion-ruby-1.7.14-7.el7_0.ppc64.rpm subversion-tools-1.7.14-7.el7_0.ppc64.rpm s390x: subversion-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-devel-1.7.14-7.el7_0.s390.rpm subversion-devel-1.7.14-7.el7_0.s390x.rpm subversion-gnome-1.7.14-7.el7_0.s390.rpm subversion-gnome-1.7.14-7.el7_0.s390x.rpm subversion-javahl-1.7.14-7.el7_0.s390.rpm subversion-javahl-1.7.14-7.el7_0.s390x.rpm subversion-kde-1.7.14-7.el7_0.s390.rpm subversion-kde-1.7.14-7.el7_0.s390x.rpm subversion-perl-1.7.14-7.el7_0.s390.rpm subversion-perl-1.7.14-7.el7_0.s390x.rpm subversion-python-1.7.14-7.el7_0.s390x.rpm subversion-ruby-1.7.14-7.el7_0.s390.rpm subversion-ruby-1.7.14-7.el7_0.s390x.rpm subversion-tools-1.7.14-7.el7_0.s390x.rpm x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: subversion-1.7.14-7.el7_0.src.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3528 https://access.redhat.com/security/cve/CVE-2014-3580 https://access.redhat.com/security/cve/CVE-2014-8108 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2014-3528-advisory.txt https://subversion.apache.org/security/CVE-2014-3580-advisory.txt https://subversion.apache.org/security/CVE-2014-8108-advisory.txt 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU2pCEXlSAg2UNWIIRAmlpAJ4o2MhM6glIBctGbU52rfN8EZXCDgCdEIll KM6EsnQkXd09uLTe1k+tQaU= =CuZg -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These issues were addressed by updating Apache Subversion to version 1.7.19. CVE-ID CVE-2014-3522 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the .git folder Description: The checks involved in disallowed paths did not account for case insensitivity or unicode characters. This issue was addressed by adding additional checks. CVE-ID CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of Mercurial Xcode 6.2 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "6.2". For the stable distribution (wheezy), this problem has been fixed in version 1.6.17dfsg-4+deb7u7. For the unstable distribution (sid), this problem has been fixed in version 1.8.10-5

Trust: 2.52

sources: NVD: CVE-2014-3580 // JVNDB: JVNDB-2014-007292 // BID: 71726 // VULHUB: VHN-71520 // PACKETSTORM: 129821 // PACKETSTORM: 133236 // PACKETSTORM: 130349 // PACKETSTORM: 130344 // PACKETSTORM: 130744 // PACKETSTORM: 129679

AFFECTED PRODUCTS

vendor:apachemodel:subversionscope:eqversion:1.7.19

Trust: 1.8

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6.0

Trust: 1.6

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.6

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.6

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.6

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.6

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.6

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:7.0

Trust: 1.6

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.6

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.6.z

Trust: 1.6

vendor:apachemodel:subversionscope:eqversion:1.7.13

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.5.0

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.5.6

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.2.1

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.16

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.3

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.8.10

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.8.2

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.0.9

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.13

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.5.4

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.8.6

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.4.4

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.3.0

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.10

Trust: 1.0

vendor:applemodel:xcodescope:eqversion:6.1.1

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.7

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.0.2

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.4.0

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.23

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.3.1

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.9

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.12

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.4

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.5

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.8.3

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.8.8

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.4.1

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.4.6

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.0.5

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.5.8

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.15

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.1.4

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.8

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.8.0

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.1.0

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.14

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.8.7

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.18

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.12

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.7

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.8.1

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.0.3

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.0.6

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.8.4

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.5.2

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.18

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.11

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.0.0

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.0.1

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.6

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.2.3

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.0.4

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.1

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.16

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.14

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.2

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.10

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.9

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.3

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.5.5

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.17

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.5.1

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.0.8

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.4.5

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.20

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.0

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.1.2

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.11

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.1.3

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.4.2

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.5.3

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.3.2

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.0

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.2

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.19

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.15

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.8.5

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.5.7

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.1.1

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.1

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.6

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.2.2

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.0.7

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.8.9

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.4.3

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.8

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.5

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.2.0

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.21

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.4

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.6.17

Trust: 1.0

vendor:apachemodel:subversionscope:ltversion:1.8.x

Trust: 0.8

vendor:apachemodel:subversionscope:eqversion:1.8.11

Trust: 0.8

vendor:applemodel:xcodescope:ltversion:(os x mavericks v10.9.4 or later )

Trust: 0.8

vendor:applemodel:xcodescope:eqversion:6.2

Trust: 0.8

vendor:apachemodel:subversionscope:ltversion:1.x

Trust: 0.8

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.4.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.0

Trust: 0.3

sources: BID: 71726 // JVNDB: JVNDB-2014-007292 // CNNVD: CNNVD-201412-396 // NVD: CVE-2014-3580

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3580
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3580
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-396
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71520
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3580
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71520
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71520 // JVNDB: JVNDB-2014-007292 // CNNVD: CNNVD-201412-396 // NVD: CVE-2014-3580

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-007292 // NVD: CVE-2014-3580

THREAT TYPE

remote

Trust: 1.1

sources: PACKETSTORM: 129821 // PACKETSTORM: 133236 // PACKETSTORM: 130349 // PACKETSTORM: 130344 // PACKETSTORM: 129679 // CNNVD: CNNVD-201412-396

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201412-396

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007292

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-71520

PATCH

title:APPLE-SA-2015-03-09-4 Xcode 6.2url:http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html

Trust: 0.8

title:HT204427url:https://support.apple.com/en-us/HT204427

Trust: 0.8

title:HT204427url:http://support.apple.com/ja-jp/HT204427

Trust: 0.8

title:RHSA-2015:0165url:http://rhn.redhat.com/errata/RHSA-2015-0165.html

Trust: 0.8

title:RHSA-2015:0166url:http://rhn.redhat.com/errata/RHSA-2015-0166.html

Trust: 0.8

title:mod_dav_svn is vulnerable to a remotely triggerable segfault DoS vulnerability with certain invalid REPORT requests.url:http://subversion.apache.org/security/CVE-2014-3580-advisory.txt

Trust: 0.8

sources: JVNDB: JVNDB-2014-007292

EXTERNAL IDS

db:NVDid:CVE-2014-3580

Trust: 3.4

db:SECUNIAid:61131

Trust: 2.5

db:BIDid:71726

Trust: 1.4

db:JVNid:JVNVU90171154

Trust: 0.8

db:JVNDBid:JVNDB-2014-007292

Trust: 0.8

db:CNNVDid:CNNVD-201412-396

Trust: 0.7

db:PACKETSTORMid:129821

Trust: 0.2

db:PACKETSTORMid:133236

Trust: 0.2

db:PACKETSTORMid:129679

Trust: 0.2

db:VULHUBid:VHN-71520

Trust: 0.1

db:PACKETSTORMid:130349

Trust: 0.1

db:PACKETSTORMid:130344

Trust: 0.1

db:PACKETSTORMid:130744

Trust: 0.1

sources: VULHUB: VHN-71520 // BID: 71726 // JVNDB: JVNDB-2014-007292 // PACKETSTORM: 129821 // PACKETSTORM: 133236 // PACKETSTORM: 130349 // PACKETSTORM: 130344 // PACKETSTORM: 130744 // PACKETSTORM: 129679 // CNNVD: CNNVD-201412-396 // NVD: CVE-2014-3580

REFERENCES

url:http://secunia.com/advisories/61131

Trust: 2.5

url:http://subversion.apache.org/security/cve-2014-3580-advisory.txt

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2015-0165.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2015-0166.html

Trust: 1.2

url:http://www.ubuntu.com/usn/usn-2721-1

Trust: 1.2

url:http://lists.apple.com/archives/security-announce/2015/mar/msg00003.html

Trust: 1.1

url:http://www.securityfocus.com/bid/71726

Trust: 1.1

url:https://support.apple.com/ht204427

Trust: 1.1

url:http://www.debian.org/security/2014/dsa-3107

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3580

Trust: 0.9

url:http://jvn.jp/vu/jvnvu90171154/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3580

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-3580

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-8108

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2014-3528

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-3580

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://subversion.apache.org/security/cve-2014-3528-advisory.txt

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-3528

Trust: 0.2

url:http://www.debian.org/security/

Trust: 0.2

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://advisories.mageia.org/mgasa-2014-0545.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8108

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0248

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/subversion/1.8.10-5ubuntu1.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0251

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3187

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0202

Trust: 0.1

url:https://subversion.apache.org/security/cve-2014-8108-advisory.txt

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-8108

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9390

Trust: 0.1

url:https://developer.apple.com/xcode/downloads/

Trust: 0.1

url:https://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3522

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

sources: VULHUB: VHN-71520 // JVNDB: JVNDB-2014-007292 // PACKETSTORM: 129821 // PACKETSTORM: 133236 // PACKETSTORM: 130349 // PACKETSTORM: 130344 // PACKETSTORM: 130744 // PACKETSTORM: 129679 // CNNVD: CNNVD-201412-396 // NVD: CVE-2014-3580

CREDITS

Evgeny Kotkov, VisualSVN

Trust: 0.3

sources: BID: 71726

SOURCES

db:VULHUBid:VHN-71520
db:BIDid:71726
db:JVNDBid:JVNDB-2014-007292
db:PACKETSTORMid:129821
db:PACKETSTORMid:133236
db:PACKETSTORMid:130349
db:PACKETSTORMid:130344
db:PACKETSTORMid:130744
db:PACKETSTORMid:129679
db:CNNVDid:CNNVD-201412-396
db:NVDid:CVE-2014-3580

LAST UPDATE DATE

2024-08-14T12:59:11.726000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-71520date:2016-12-24T00:00:00
db:BIDid:71726date:2015-11-03T19:05:00
db:JVNDBid:JVNDB-2014-007292date:2015-06-22T00:00:00
db:CNNVDid:CNNVD-201412-396date:2014-12-19T00:00:00
db:NVDid:CVE-2014-3580date:2016-12-24T02:59:02.460

SOURCES RELEASE DATE

db:VULHUBid:VHN-71520date:2014-12-18T00:00:00
db:BIDid:71726date:2014-12-18T00:00:00
db:JVNDBid:JVNDB-2014-007292date:2014-12-19T00:00:00
db:PACKETSTORMid:129821date:2015-01-06T17:02:00
db:PACKETSTORMid:133236date:2015-08-21T16:59:18
db:PACKETSTORMid:130349date:2015-02-11T01:52:08
db:PACKETSTORMid:130344date:2015-02-11T01:49:16
db:PACKETSTORMid:130744date:2015-03-10T16:22:37
db:PACKETSTORMid:129679date:2014-12-22T17:14:48
db:CNNVDid:CNNVD-201412-396date:2014-12-19T00:00:00
db:NVDid:CVE-2014-3580date:2014-12-18T15:59:00.070