Multiple Subversion "mod_dav_svn" Denial of Service and Information Leakage Vulnerabilities

Release date:
Updated on:

Affected Systems:
Apache Group Subversion 1.x
Apache Group Subversion 0.x
Unaffected system:
Apache Group Subversion 1.6.17
Description:
--------------------------------------------------------------------------------
Bugtraq id: 48091
Cve id: CVE-2011-1752, CVE-2011-1783, CVE-2011-1921, CVE-2011-1921

Subversion is a free and open-source version control system.

Subversion has Multiple Denial of Service and Information Leakage vulnerabilities in the implementation of mod_dav_svn. Remote attackers can exploit these vulnerabilities to crash applications, consume all memory resources or obtain sensitive information.

The Subversion mod_dav_svn Apache HTTPD server module enters a logic loop that does not exist in some situations and memory is allocated each time it repeats, consuming all the memory on the server.

<* Source: Joe Schaefer

Link: http://subversion.apache.org/security/CVE-2011-1783-advisory.txt
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://httpd.apache.org/