Release date:
Updated on:
Affected Systems:
Apache Group Subversion 1.x
Apache Group Subversion 0.x
Unaffected Systems:
Apache Group Subversion 1.6.17
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 48091
CVE ID: CVE-2011-1752, CVE-2011-1783, CVE-2011-1921
Subversion is a free and open-source version control system.
Subversion has multiple denial-of-service and information-leakage vulnerabilities in its implementation of mod_dav_svn. Remote attackers can exploit these vulnerabilities to crash the affected application, consume all memory resources, or obtain sensitive information.
In some situations the Subversion mod_dav_svn Apache HTTPD server module enters a logic loop that does not exit; memory is allocated on each iteration, eventually consuming all the memory on the server.
<* Source: Joe Schaefer
Link: http://subversion.apache.org/security/CVE-2011-1783-advisory.txt
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://httpd.apache.org/