ID

VAR-201508-0171


CVE

CVE-2015-3184


TITLE

Apache Subversion of mod_authz_svn Vulnerable to reading hidden files

Trust: 0.8

sources: JVNDB: JVNDB-2015-004063

DESCRIPTION

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Apache Subversion is prone to an information-disclosure vulnerability. Successfully exploiting this issue can allow an attacker to obtain sensitive information that may aid in launching further attacks. The system is compatible with the Concurrent Versions System (CVS). ============================================================================ Ubuntu Security Notice USN-2721-1 August 20, 2015 subversion vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in Subversion. Software Description: - subversion: Advanced version control system Details: It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580) It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8108) Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly handled large numbers of REPORT requests. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202) Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. (CVE-2015-0248) Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. (CVE-2015-0251) C. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184) C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. (CVE-2015-3187) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libapache2-svn 1.8.10-5ubuntu1.1 libsvn1 1.8.10-5ubuntu1.1 subversion 1.8.10-5ubuntu1.1 Ubuntu 14.04 LTS: libapache2-svn 1.8.8-1ubuntu3.2 libsvn1 1.8.8-1ubuntu3.2 subversion 1.8.8-1ubuntu3.2 Ubuntu 12.04 LTS: libapache2-svn 1.6.17dfsg-3ubuntu3.5 libsvn1 1.6.17dfsg-3ubuntu3.5 subversion 1.6.17dfsg-3ubuntu3.5 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-03-21-4 Xcode 7.3 Xcode 7.3 is now available and addresses the following: otool Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1765 : Proteas of Qihoo 360 Nirvan Team and Will Estes (@squiffy) subversion Available for: OS X El Capitan v10.11 and later Impact: A malicious server may be able to execute arbitrary code Description: Multiple vulnerabilities existed in subversion versions prior to 1.7.21, the most serious of which may have led to remote code execution. These were addressed by updating subversion to version 1.7.22. Michael Pilato, CollabNet Xcode 7.0 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "7.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJW8JQAAAoJEBcWfLTuOo7tO6gQAJAW+kXp0TuFMDT6xHo2YVIq OiRdtYYsaQ0vLXHhDFQP+8uXPSz6KnunxKYZhA3JsSIjXZcv+O0Vw9hP/5A3/nj8 vXYCFmVW9m7rse4k7m117PYdPuKuWtAvDU19b7B2/vPsrv1R6C5R+jZj7hi9Vp2T 4Vx4oLeXCAhzpuDNfvtnyI756b8j63si2eSMSIPp+smQl4RKWtEJEAX5yHkDpeyl cuCHiEbwx4+UomEp5jpOPGjcmohjpTrbBJE8hH/k6W85bBj+rhBPJoBAYafW7nHt 6uokIgZtU59ZEAwC8hme0vzApINfslV1fiJk1HN/rP6Cp+ptdIZGL8zydmzIh7yq gEnfcEEhD2TTkJYnt22l42ZtCDsGJkFBF/r77EHmYWUJfmR4a4Jismp4sGGPgZ12 OitRfBzojK1+Ah6tkYV2LKIfjstprBTRZdz0XKQtjgAwfgktAalrWiibZs2zBNF5 UfZKAsM3Qc9RBK5pNQpGMlrHQtnFdD74Df4TYRlSuKZRO5DLr0STDeHXQfn4Ti/9 8+ZifqggFuWBfh5es4EFdcpxRRqWI9OKOdgQ0Oc5tXwIyAlOshxNuP3qAgVQzwwd COicsW/1HsUoaopDuf+bzDcJPL/L9H3SRYfg4S/uv5JOjoaPr0pQC8mUfR25dZAw cU0NiqyyiqU1H29UaU50 =9aiD -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201610-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Subversion, Serf: Multiple Vulnerabilities Date: October 11, 2016 Bugs: #500482, #518716, #519202, #545348, #556076, #567810, #581448, #586046 ID: 201610-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code. Background ========== Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture (where the server can be an Apache server running mod_svn, or an ssh program as in CVS's :ext: method). In addition to supporting the features found in CVS, Subversion also provides support for moving and copying files and directories. The serf library is a high performance C-based HTTP client library built upon the Apache Portable Runtime (APR) library. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-vcs/subversion < 1.9.4 >= 1.9.4 *> 1.8.16 2 net-libs/serf < 1.3.7 >= 1.3.7 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Subversion users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.4" All Serf users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/serf-1.3.7" References ========== [ 1 ] CVE-2014-0032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032 [ 2 ] CVE-2014-3504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504 [ 3 ] CVE-2014-3522 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522 [ 4 ] CVE-2014-3528 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528 [ 5 ] CVE-2015-0202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202 [ 6 ] CVE-2015-0248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248 [ 7 ] CVE-2015-0251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251 [ 8 ] CVE-2015-3184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184 [ 9 ] CVE-2015-3187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187 [ 10 ] CVE-2015-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259 [ 11 ] CVE-2016-2167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167 [ 12 ] CVE-2016-2168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201610-05 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:1742-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1742.html Issue date: 2015-09-08 CVE Names: CVE-2015-0248 CVE-2015-0251 CVE-2015-3184 CVE-2015-3187 ===================================================================== 1. Summary: Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. (CVE-2015-3184) It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251) It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187) Red Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3184 and CVE-2015-3187 flaws. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1205138 - CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers 1205140 - CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions 1247249 - CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4 1247252 - CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: subversion-1.7.14-7.el7_1.1.src.rpm x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.i686.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: subversion-1.7.14-7.el7_1.1.src.rpm x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.i686.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: subversion-1.7.14-7.el7_1.1.src.rpm ppc64: mod_dav_svn-1.7.14-7.el7_1.1.ppc64.rpm subversion-1.7.14-7.el7_1.1.ppc64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm subversion-libs-1.7.14-7.el7_1.1.ppc.rpm subversion-libs-1.7.14-7.el7_1.1.ppc64.rpm s390x: mod_dav_svn-1.7.14-7.el7_1.1.s390x.rpm subversion-1.7.14-7.el7_1.1.s390x.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm subversion-libs-1.7.14-7.el7_1.1.s390.rpm subversion-libs-1.7.14-7.el7_1.1.s390x.rpm x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: subversion-1.7.14-7.ael7b_1.1.src.rpm ppc64le: mod_dav_svn-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-libs-1.7.14-7.ael7b_1.1.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: subversion-1.7.14-7.el7_1.1.ppc.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm subversion-devel-1.7.14-7.el7_1.1.ppc.rpm subversion-devel-1.7.14-7.el7_1.1.ppc64.rpm subversion-gnome-1.7.14-7.el7_1.1.ppc.rpm subversion-gnome-1.7.14-7.el7_1.1.ppc64.rpm subversion-javahl-1.7.14-7.el7_1.1.ppc.rpm subversion-javahl-1.7.14-7.el7_1.1.ppc64.rpm subversion-kde-1.7.14-7.el7_1.1.ppc.rpm subversion-kde-1.7.14-7.el7_1.1.ppc64.rpm subversion-perl-1.7.14-7.el7_1.1.ppc.rpm subversion-perl-1.7.14-7.el7_1.1.ppc64.rpm subversion-python-1.7.14-7.el7_1.1.ppc64.rpm subversion-ruby-1.7.14-7.el7_1.1.ppc.rpm subversion-ruby-1.7.14-7.el7_1.1.ppc64.rpm subversion-tools-1.7.14-7.el7_1.1.ppc64.rpm s390x: subversion-1.7.14-7.el7_1.1.s390.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm subversion-devel-1.7.14-7.el7_1.1.s390.rpm subversion-devel-1.7.14-7.el7_1.1.s390x.rpm subversion-gnome-1.7.14-7.el7_1.1.s390.rpm subversion-gnome-1.7.14-7.el7_1.1.s390x.rpm subversion-javahl-1.7.14-7.el7_1.1.s390.rpm subversion-javahl-1.7.14-7.el7_1.1.s390x.rpm subversion-kde-1.7.14-7.el7_1.1.s390.rpm subversion-kde-1.7.14-7.el7_1.1.s390x.rpm subversion-perl-1.7.14-7.el7_1.1.s390.rpm subversion-perl-1.7.14-7.el7_1.1.s390x.rpm subversion-python-1.7.14-7.el7_1.1.s390x.rpm subversion-ruby-1.7.14-7.el7_1.1.s390.rpm subversion-ruby-1.7.14-7.el7_1.1.s390x.rpm subversion-tools-1.7.14-7.el7_1.1.s390x.rpm x86_64: subversion-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64le: subversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-devel-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-gnome-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-javahl-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-kde-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-perl-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-python-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-ruby-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-tools-1.7.14-7.ael7b_1.1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: subversion-1.7.14-7.el7_1.1.src.rpm x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: subversion-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-0248 https://access.redhat.com/security/cve/CVE-2015-0251 https://access.redhat.com/security/cve/CVE-2015-3184 https://access.redhat.com/security/cve/CVE-2015-3187 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2015-0248-advisory.txt https://subversion.apache.org/security/CVE-2015-3184-advisory.txt https://subversion.apache.org/security/CVE-2015-0251-advisory.txt https://subversion.apache.org/security/CVE-2015-3187-advisory.txt 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV7t6+XlSAg2UNWIIRAivqAKCtV0lnW3RGFsCNsKIU9lBHeBk4UQCdE8/b KVJwbobNcmPzKule+9U7RnM= =F2J4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.43

sources: NVD: CVE-2015-3184 // JVNDB: JVNDB-2015-004063 // BID: 76274 // VULHUB: VHN-81145 // VULMON: CVE-2015-3184 // PACKETSTORM: 133236 // PACKETSTORM: 136345 // PACKETSTORM: 139060 // PACKETSTORM: 133473

AFFECTED PRODUCTS

vendor:apachemodel:subversionscope:eqversion:1.7.19

Trust: 1.9

vendor:apachemodel:subversionscope:eqversion:1.7.18

Trust: 1.9

vendor:apachemodel:subversionscope:eqversion:1.7.17

Trust: 1.9

vendor:apachemodel:subversionscope:eqversion:1.7.8

Trust: 1.9

vendor:apachemodel:subversionscope:eqversion:1.7.7

Trust: 1.9

vendor:apachemodel:subversionscope:eqversion:1.7.6

Trust: 1.9

vendor:apachemodel:subversionscope:eqversion:1.7.5

Trust: 1.9

vendor:apachemodel:subversionscope:eqversion:1.7.4

Trust: 1.9

vendor:apachemodel:subversionscope:eqversion:1.7.3

Trust: 1.9

vendor:apachemodel:subversionscope:eqversion:1.7.15

Trust: 1.9

vendor:apachemodel:subversionscope:eqversion:1.8.11

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.8.10

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.8.9

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.8.5

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.8.1

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.7.16

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.7.11

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.7.10

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.7.1

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.8.8

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.8.7

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.8.6

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.8.4

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.8.3

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.8.2

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.8.13

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.7.9

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.7.20

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.7.2

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.7.14

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.7.13

Trust: 1.3

vendor:apachemodel:subversionscope:eqversion:1.7.12

Trust: 1.3

vendor:applemodel:xcodescope:lteversion:7.2.1

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.8.0

Trust: 1.0

vendor:apachemodel:subversionscope:eqversion:1.7.0

Trust: 1.0

vendor:apachemodel:subversionscope:ltversion:1.8.x

Trust: 0.8

vendor:applemodel:xcodescope:eqversion:7.3

Trust: 0.8

vendor:apachemodel:http serverscope:ltversion:2.4.x

Trust: 0.8

vendor:apachemodel:subversionscope:eqversion:1.8.14

Trust: 0.8

vendor:apachemodel:subversionscope:eqversion:1.7.21

Trust: 0.8

vendor:apachemodel:http serverscope:eqversion:2.4.16

Trust: 0.8

vendor:applemodel:xcodescope:ltversion:(os x el capitan v10.11 or later )

Trust: 0.8

vendor:apachemodel:subversionscope:ltversion:1.7.x

Trust: 0.8

vendor:ubuntumodel:linuxscope:eqversion:15.04

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:7

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:7

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.4.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:7.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:7.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:7.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:6.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:6.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:6.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:5.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.4

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.1.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.5

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.4

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1.4

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:1.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11

Trust: 0.3

vendor:apachemodel:subversionscope:eqversion:1.8

Trust: 0.3

vendor:apachemodel:subversionscope:eqversion:1.7

Trust: 0.3

vendor:apachemodel:httpdscope:eqversion:2.4.12

Trust: 0.3

vendor:apachemodel:httpdscope:eqversion:2.4

Trust: 0.3

vendor:applemodel:xcodescope:neversion:7.3

Trust: 0.3

vendor:apachemodel:subversionscope:neversion:1.8.14

Trust: 0.3

vendor:apachemodel:subversionscope:neversion:1.7.22

Trust: 0.3

vendor:apachemodel:subversionscope:neversion:1.7.21

Trust: 0.3

vendor:apachemodel:httpdscope:neversion:2.4.16

Trust: 0.3

sources: BID: 76274 // JVNDB: JVNDB-2015-004063 // CNNVD: CNNVD-201508-097 // NVD: CVE-2015-3184

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3184
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3184
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-097
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81145
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-3184
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3184
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-81145
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81145 // VULMON: CVE-2015-3184 // JVNDB: JVNDB-2015-004063 // CNNVD: CNNVD-201508-097 // NVD: CVE-2015-3184

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-81145 // JVNDB: JVNDB-2015-004063 // NVD: CVE-2015-3184

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 133236 // PACKETSTORM: 133473 // CNNVD: CNNVD-201508-097

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201508-097

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004063

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-81145

PATCH

title:CVE-2015-3184-advisoryurl:http://subversion.apache.org/security/CVE-2015-3184-advisory.txt

Trust: 0.8

title:APPLE-SA-2016-03-21-4 Xcode 7.3url:http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html

Trust: 0.8

title:HT206172url:https://support.apple.com/en-us/HT206172

Trust: 0.8

title:HT206172url:https://support.apple.com/ja-jp/HT206172

Trust: 0.8

title:Debian Security Advisories: DSA-3331-1 subversion -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=c4f6676d49d7fdb86b699dbfdb6dd06f

Trust: 0.1

title:Red Hat: CVE-2015-3184url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-3184

Trust: 0.1

title:Amazon Linux AMI: ALAS-2016-676url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-676

Trust: 0.1

title:Ubuntu Security Notice: subversion vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2721-1

Trust: 0.1

title:Shodan Search Scripturl:https://github.com/firatesatoglu/shodanSearch

Trust: 0.1

sources: VULMON: CVE-2015-3184 // JVNDB: JVNDB-2015-004063

EXTERNAL IDS

db:NVDid:CVE-2015-3184

Trust: 3.3

db:SECTRACKid:1033215

Trust: 2.6

db:BIDid:76274

Trust: 1.5

db:JVNid:JVNVU97668313

Trust: 0.8

db:JVNDBid:JVNDB-2015-004063

Trust: 0.8

db:CNNVDid:CNNVD-201508-097

Trust: 0.7

db:PACKETSTORMid:136345

Trust: 0.2

db:VULHUBid:VHN-81145

Trust: 0.1

db:VULMONid:CVE-2015-3184

Trust: 0.1

db:PACKETSTORMid:133236

Trust: 0.1

db:PACKETSTORMid:139060

Trust: 0.1

db:PACKETSTORMid:133473

Trust: 0.1

sources: VULHUB: VHN-81145 // VULMON: CVE-2015-3184 // BID: 76274 // JVNDB: JVNDB-2015-004063 // PACKETSTORM: 133236 // PACKETSTORM: 136345 // PACKETSTORM: 139060 // PACKETSTORM: 133473 // CNNVD: CNNVD-201508-097 // NVD: CVE-2015-3184

REFERENCES

url:http://www.securitytracker.com/id/1033215

Trust: 2.6

url:http://subversion.apache.org/security/cve-2015-3184-advisory.txt

Trust: 2.2

url:http://rhn.redhat.com/errata/rhsa-2015-1742.html

Trust: 1.6

url:https://security.gentoo.org/glsa/201610-05

Trust: 1.3

url:http://www.ubuntu.com/usn/usn-2721-1

Trust: 1.3

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00003.html

Trust: 1.2

url:http://www.securityfocus.com/bid/76274

Trust: 1.2

url:https://support.apple.com/ht206172

Trust: 1.2

url:http://www.debian.org/security/2015/dsa-3331

Trust: 1.2

url:http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3184

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97668313/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3184

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-3184

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-3187

Trust: 0.4

url:http://subversion.apache.org/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-0248

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-0251

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2015-3184

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-0202

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://www.debian.org/security/./dsa-3331

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2721-1/

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8108

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3580

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/subversion/1.8.10-5ubuntu1.1

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://gpgtools.org

Trust: 0.1

url:https://developer.apple.com/xcode/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1765

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3187

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5259

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3528

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3504

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2168

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2168

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2167

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2167

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0248

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3184

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3504

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3522

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5259

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0251

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0202

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3522

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3528

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0032

Trust: 0.1

url:https://subversion.apache.org/security/cve-2015-0248-advisory.txt

Trust: 0.1

url:https://subversion.apache.org/security/cve-2015-3187-advisory.txt

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-0248

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-0251

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3187

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://subversion.apache.org/security/cve-2015-0251-advisory.txt

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

sources: VULHUB: VHN-81145 // VULMON: CVE-2015-3184 // BID: 76274 // JVNDB: JVNDB-2015-004063 // PACKETSTORM: 133236 // PACKETSTORM: 136345 // PACKETSTORM: 139060 // PACKETSTORM: 133473 // CNNVD: CNNVD-201508-097 // NVD: CVE-2015-3184

CREDITS

C. Michael Pilato of CollabNet.

Trust: 0.3

sources: BID: 76274

SOURCES

db:VULHUBid:VHN-81145
db:VULMONid:CVE-2015-3184
db:BIDid:76274
db:JVNDBid:JVNDB-2015-004063
db:PACKETSTORMid:133236
db:PACKETSTORMid:136345
db:PACKETSTORMid:139060
db:PACKETSTORMid:133473
db:CNNVDid:CNNVD-201508-097
db:NVDid:CVE-2015-3184

LAST UPDATE DATE

2024-08-14T12:24:09.297000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-81145date:2017-07-01T00:00:00
db:VULMONid:CVE-2015-3184date:2017-07-01T00:00:00
db:BIDid:76274date:2016-10-26T00:16:00
db:JVNDBid:JVNDB-2015-004063date:2016-03-29T00:00:00
db:CNNVDid:CNNVD-201508-097date:2015-08-13T00:00:00
db:NVDid:CVE-2015-3184date:2017-07-01T01:29:15.670

SOURCES RELEASE DATE

db:VULHUBid:VHN-81145date:2015-08-12T00:00:00
db:VULMONid:CVE-2015-3184date:2015-08-12T00:00:00
db:BIDid:76274date:2015-08-05T00:00:00
db:JVNDBid:JVNDB-2015-004063date:2015-08-13T00:00:00
db:PACKETSTORMid:133236date:2015-08-21T16:59:18
db:PACKETSTORMid:136345date:2016-03-22T15:15:02
db:PACKETSTORMid:139060date:2016-10-12T04:50:20
db:PACKETSTORMid:133473date:2015-09-08T15:47:21
db:CNNVDid:CNNVD-201508-097date:2015-08-13T00:00:00
db:NVDid:CVE-2015-3184date:2015-08-12T14:59:10.997