← back
CVE-2013-1847

CVE-2013-1847

EPSS 51.4%
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/38421unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.htmlhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00069.htmlhttp://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3Ehttp://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3Ehttp://rhn.redhat.com/errata/RHSA-2013-0737.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=929090https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18538http://subversion.apache.org/security/CVE-2013-1847-advisory.txthttp://www.mandriva.com/security/advisories?name=MDVSA-2013:153http://www.ubuntu.com/usn/USN-1893-1