CVE-2014-3580
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.
Known Affected Software
103 configuration(s) from 4 vendor(s)
subversion
Version:
1.8.4
CPE:
cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*
subversion
Version:
1.8.9
CPE:
cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*
subversion
Version:
1.1.1
CPE:
cpe:2.3:a:apache:subversion:1.1.1:*:*:*:*:*:*:*
subversion
Version:
1.2.1
CPE:
cpe:2.3:a:apache:subversion:1.2.1:*:*:*:*:*:*:*
subversion
Version:
1.8.8
CPE:
cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*
subversion
Version:
1.3.1
CPE:
cpe:2.3:a:apache:subversion:1.3.1:*:*:*:*:*:*:*
subversion
Version:
1.6.1
CPE:
cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
subversion
Version:
1.6.14
CPE:
cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
subversion
Version:
1.0.8
CPE:
cpe:2.3:a:apache:subversion:1.0.8:*:*:*:*:*:*:*
subversion
Version:
1.6.0
CPE:
cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
subversion
Version:
1.7.5
CPE:
cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*
subversion
Version:
1.8.2
CPE:
cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*
subversion
Version:
1.5.2
CPE:
cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*
subversion
Version:
1.7.19
CPE:
cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*
subversion
Version:
1.6.9
CPE:
cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
subversion
Version:
1.6.3
CPE:
cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
subversion
Version:
1.4.3
CPE:
cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*
subversion
Version:
1.6.4
CPE:
cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
subversion
Version:
1.7.11
CPE:
cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*
subversion
Version:
1.6.6
CPE:
cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
subversion
Version:
1.7.13
CPE:
cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*
subversion
Version:
1.8.5
CPE:
cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*
subversion
Version:
1.4.6
CPE:
cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*
subversion
Version:
1.8.0
CPE:
cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*
subversion
Version:
1.4.0
CPE:
cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*
subversion
Version:
1.6.10
CPE:
cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
subversion
Version:
1.7.17
CPE:
cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*
subversion
Version:
1.0.0
CPE:
cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:*
subversion
Version:
1.4.2
CPE:
cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*
subversion
Version:
1.4.1
CPE:
cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*
subversion
Version:
1.0.7
CPE:
cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:*
subversion
Version:
1.6.19
CPE:
cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*
subversion
Version:
1.6.11
CPE:
cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
subversion
Version:
1.8.6
CPE:
cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*
subversion
Version:
1.8.10
CPE:
cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*
subversion
Version:
1.5.3
CPE:
cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*
subversion
Version:
1.6.17
CPE:
cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*
subversion
Version:
1.1.3
CPE:
cpe:2.3:a:apache:subversion:1.1.3:*:*:*:*:*:*:*
subversion
Version:
1.2.2
CPE:
cpe:2.3:a:apache:subversion:1.2.2:*:*:*:*:*:*:*
subversion
Version:
1.6.23
CPE:
cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*
subversion
Version:
1.6.15
CPE:
cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*
subversion
Version:
1.6.8
CPE:
cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
subversion
Version:
1.7.8
CPE:
cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*
subversion
Version:
1.6.7
CPE:
cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
subversion
Version:
1.8.3
CPE:
cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
subversion
Version:
1.6.5
CPE:
cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
subversion
Version:
1.7.0
CPE:
cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*
subversion
Version:
1.6.2
CPE:
cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
subversion
Version:
1.4.5
CPE:
cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*
subversion
Version:
1.0.1
CPE:
cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:*
subversion
Version:
1.7.12
CPE:
cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*
subversion
Version:
1.7.14
CPE:
cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*
subversion
Version:
1.2.0
CPE:
cpe:2.3:a:apache:subversion:1.2.0:*:*:*:*:*:*:*
subversion
Version:
1.0.4
CPE:
cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:*
subversion
Version:
1.4.4
CPE:
cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*
subversion
Version:
1.0.5
CPE:
cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:*
subversion
Version:
1.0.2
CPE:
cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:*
subversion
Version:
1.6.20
CPE:
cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*
subversion
Version:
1.8.7
CPE:
cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*
subversion
Version:
1.3.2
CPE:
cpe:2.3:a:apache:subversion:1.3.2:*:*:*:*:*:*:*
subversion
Version:
1.7.10
CPE:
cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*
subversion
Version:
1.0.6
CPE:
cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:*
subversion
Version:
1.6.13
CPE:
cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
subversion
Version:
1.7.2
CPE:
cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*
subversion
Version:
1.7.4
CPE:
cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*
subversion
Version:
1.1.4
CPE:
cpe:2.3:a:apache:subversion:1.1.4:*:*:*:*:*:*:*
subversion
Version:
1.0.3
CPE:
cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:*
subversion
Version:
1.5.5
CPE:
cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*
subversion
Version:
1.7.15
CPE:
cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*
subversion
Version:
1.5.1
CPE:
cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*
subversion
Version:
1.6.12
CPE:
cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
subversion
Version:
1.7.3
CPE:
cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*
subversion
Version:
1.7.18
CPE:
cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*
subversion
Version:
1.5.8
CPE:
cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*
subversion
Version:
1.2.3
CPE:
cpe:2.3:a:apache:subversion:1.2.3:*:*:*:*:*:*:*
subversion
Version:
1.0.9
CPE:
cpe:2.3:a:apache:subversion:1.0.9:*:*:*:*:*:*:*
subversion
Version:
1.5.7
CPE:
cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*
subversion
Version:
1.1.2
CPE:
cpe:2.3:a:apache:subversion:1.1.2:*:*:*:*:*:*:*
subversion
Version:
1.8.1
CPE:
cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
subversion
Version:
1.6.21
CPE:
cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*
subversion
Version:
1.5.0
CPE:
cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*
subversion
Version:
1.7.16
CPE:
cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*
subversion
Version:
1.3.0
CPE:
cpe:2.3:a:apache:subversion:1.3.0:*:*:*:*:*:*:*
subversion
Version:
1.6.16
CPE:
cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*
subversion
Version:
1.5.4
CPE:
cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*
subversion
Version:
1.7.6
CPE:
cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*
subversion
Version:
1.6.18
CPE:
cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*
subversion
Version:
1.7.7
CPE:
cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*
subversion
Version:
1.5.6
CPE:
cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*
subversion
Version:
1.7.1
CPE:
cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*
subversion
Version:
1.1.0
CPE:
cpe:2.3:a:apache:subversion:1.1.0:*:*:*:*:*:*:*
subversion
Version:
1.7.9
CPE:
cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*
xcode
Version:
6.1.1
CPE:
cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*
debian_linux
Version:
7.0
CPE:
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
enterprise_linux_workstation
Version:
7.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:x64:*
enterprise_linux_server_eus
Version:
6.6.z
CPE:
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*
enterprise_linux_server
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*
enterprise_linux_hpc_node
Version:
7.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
enterprise_linux_hpc_node
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
enterprise_linux_server
Version:
7.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:x64:*
enterprise_linux_desktop
Version:
7.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:x64:*
enterprise_linux_desktop
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x64:*
enterprise_linux_workstation
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x86:*
This vulnerability affects 103 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.htmlsecalert@redhat.com Mailing List Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-0165.htmlsecalert@redhat.com Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-0166.htmlsecalert@redhat.com Third Party Advisory
-
http://secunia.com/advisories/61131secalert@redhat.com
-
http://subversion.apache.org/security/CVE-2014-3580-advisory.txtsecalert@redhat.com Patch Vendor Advisory
-
http://www.debian.org/security/2014/dsa-3107secalert@redhat.com Third Party Advisory
-
http://www.securityfocus.com/bid/71726secalert@redhat.com
-
http://www.ubuntu.com/usn/USN-2721-1secalert@redhat.com
-
https://support.apple.com/HT204427secalert@redhat.com Third Party Advisory
-
http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-0165.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-0166.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://secunia.com/advisories/61131af854a3a-2127-422b-91ae-364da2661108
-
http://subversion.apache.org/security/CVE-2014-3580-advisory.txtaf854a3a-2127-422b-91ae-364da2661108 Patch Vendor Advisory
-
http://www.debian.org/security/2014/dsa-3107af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://www.securityfocus.com/bid/71726af854a3a-2127-422b-91ae-364da2661108
-
http://www.ubuntu.com/usn/USN-2721-1af854a3a-2127-422b-91ae-364da2661108
-
https://support.apple.com/HT204427af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
Severity Details
out of 10.0
Low
Key Information
- Published Date
- December 18, 2014
