CVE-2015-0251
Low
CVSS Score
Vulnerability Description
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via crafted v1 HTTP protocol request sequences.
Known Affected Software
73 configuration(s) from 5 vendor(s)
- subversion | Version: 1.8.4 | CPE: cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*
- subversion | Version: 1.8.9 | CPE: cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*
- subversion | Version: 1.8.8 | CPE: cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*
- subversion | Version: 1.6.1 | CPE: cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
- subversion | Version: 1.6.14 | CPE: cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
- subversion | Version: 1.6.0 | CPE: cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
- subversion | Version: 1.7.5 | CPE: cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*
- subversion | Version: 1.8.2 | CPE: cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*
- subversion | Version: 1.5.2 | CPE: cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*
- subversion | Version: 1.7.19 | CPE: cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*
- subversion | Version: 1.6.9 | CPE: cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
- subversion | Version: 1.6.3 | CPE: cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
- subversion | Version: 1.6.4 | CPE: cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
- subversion | Version: 1.7.11 | CPE: cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*
- subversion | Version: 1.6.6 | CPE: cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
- subversion | Version: 1.7.13 | CPE: cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*
- subversion | Version: 1.8.5 | CPE: cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*
- subversion | Version: 1.8.0 | CPE: cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*
- subversion | Version: 1.6.10 | CPE: cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
- subversion | Version: 1.7.17 | CPE: cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*
- subversion | Version: 1.6.19 | CPE: cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*
- subversion | Version: 1.6.11 | CPE: cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
- subversion | Version: 1.8.6 | CPE: cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*
- subversion | Version: 1.8.10 | CPE: cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*
- subversion | Version: 1.5.3 | CPE: cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*
- subversion | Version: 1.6.17 | CPE: cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*
- subversion | Version: 1.6.23 | CPE: cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*
- subversion | Version: 1.6.15 | CPE: cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*
- subversion | Version: 1.6.8 | CPE: cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
- subversion | Version: 1.7.8 | CPE: cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*
- subversion | Version: 1.6.7 | CPE: cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
- subversion | Version: 1.8.3 | CPE: cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
- subversion | Version: 1.8.11 | CPE: cpe:2.3:a:apache:subversion:1.8.11:*:*:*:*:*:*:*
- subversion | Version: 1.6.5 | CPE: cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
- subversion | Version: 1.7.0 | CPE: cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*
- subversion | Version: 1.6.2 | CPE: cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
- subversion | Version: 1.7.12 | CPE: cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*
- subversion | Version: 1.7.14 | CPE: cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*
- subversion | Version: 1.6.20 | CPE: cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*
- subversion | Version: 1.8.7 | CPE: cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*
- subversion | Version: 1.7.10 | CPE: cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*
- subversion | Version: 1.6.13 | CPE: cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
- subversion | Version: 1.7.2 | CPE: cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*
- subversion | Version: 1.7.4 | CPE: cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*
- subversion | Version: 1.5.5 | CPE: cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*
- subversion | Version: 1.7.15 | CPE: cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*
- subversion | Version: 1.5.1 | CPE: cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*
- subversion | Version: 1.6.12 | CPE: cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
- subversion | Version: 1.7.3 | CPE: cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*
- subversion | Version: 1.7.18 | CPE: cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*
- subversion | Version: 1.5.8 | CPE: cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*
- subversion | Version: 1.5.7 | CPE: cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*
- subversion | Version: 1.8.1 | CPE: cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
- subversion | Version: 1.6.21 | CPE: cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*
- subversion | Version: 1.5.0 | CPE: cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*
- subversion | Version: 1.7.16 | CPE: cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*
- subversion | Version: 1.6.16 | CPE: cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*
- subversion | Version: 1.5.4 | CPE: cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*
- subversion | Version: 1.7.6 | CPE: cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*
- subversion | Version: 1.6.18 | CPE: cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*
- subversion | Version: 1.7.7 | CPE: cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*
- subversion | Version: 1.5.6 | CPE: cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*
- subversion | Version: 1.7.1 | CPE: cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*
- subversion | Version: 1.7.9 | CPE: cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*
- xcode | Version: 7.0 | CPE: cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*
- opensuse | Version: 13.2 | CPE: cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- opensuse | Version: 13.1 | CPE: cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- solaris | Version: 11.3 | CPE: cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- enterprise_linux_server | Version: 6.0 | CPE: cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*
- enterprise_linux_hpc_node | Version: 6.0 | CPE: cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
- enterprise_linux_server_eus | Version: 6.7.z | CPE: cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*
- enterprise_linux_desktop | Version: 6.0 | CPE: cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x64:*
- enterprise_linux_workstation | Version: 6.0 | CPE: cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x86:*
This vulnerability affects 73 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html | secalert@redhat.com | Mailing List
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html | secalert@redhat.com | Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1633.html | secalert@redhat.com | Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1742.html | secalert@redhat.com
- http://seclists.org/fulldisclosure/2015/Jun/32 | secalert@redhat.com
- http://subversion.apache.org/security/CVE-2015-0251-advisory.txt | secalert@redhat.com | Vendor Advisory
- http://www.debian.org/security/2015/dsa-3231 | secalert@redhat.com
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:192 | secalert@redhat.com | Broken Link
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | secalert@redhat.com | Third Party Advisory
- http://www.securityfocus.com/bid/74259 | secalert@redhat.com
- http://www.securitytracker.com/id/1033214 | secalert@redhat.com
- http://www.ubuntu.com/usn/USN-2721-1 | secalert@redhat.com
- https://security.gentoo.org/glsa/201610-05 | secalert@redhat.com
- https://support.apple.com/HT205217 | secalert@redhat.com | Third Party Advisory
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-345
Insufficient Verification of Data Authenticity
- Description: The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
- Typical Severity: Medium
- Abstraction Level: Class
Key Information
- Published Date: April 08, 2015
