UBUNTU-CVE-2013-4558
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2013-4558
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-4558.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2013-4558
- Related
- Published
- 2013-12-07T20:55:00Z
- Modified
- 2013-12-07T20:55:00Z
- Summary
- [none]
- Details
-
The getparentresource function in repos.c in moddavsvn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.
- References
Affected packages
Ubuntu:14.04:LTS / subversion
Package
- Name
- subversion
- Purl
- pkg:deb/ubuntu/subversion@1.8.8-1ubuntu3?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.8-1ubuntu3
Affected versions
1.*
1.7.9-1+nmu6ubuntu3
1.7.13-2ubuntu1
1.7.13-2ubuntu2
1.7.13-2ubuntu3
1.7.14-1ubuntu2
1.8.5-2ubuntu3
1.8.8-1ubuntu2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"libsvn-java": "1.8.8-1ubuntu3",
"libsvn-perl": "1.8.8-1ubuntu3",
"libsvn1": "1.8.8-1ubuntu3",
"subversion": "1.8.8-1ubuntu3",
"subversion-dbg": "1.8.8-1ubuntu3",
"ruby-svn": "1.8.8-1ubuntu3",
"python-subversion": "1.8.8-1ubuntu3",
"subversion-tools": "1.8.8-1ubuntu3",
"libsvn-ruby1.8": "1.8.8-1ubuntu3",
"libapache2-svn": "1.8.8-1ubuntu3",
"libapache2-mod-svn": "1.8.8-1ubuntu3",
"libsvn-doc": "1.8.8-1ubuntu3",
"libsvn-dev": "1.8.8-1ubuntu3",
"python-subversion-dbg": "1.8.8-1ubuntu3"
}
]
}