← volver
CVE-2020-17525

Remote unauthenticated denial-of-service in Subversion mod_authz_svn

EPSS 37.5%CWE-476
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7
Productos afectados
Apache Software Foundation · Apache Subversion

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://lists.debian.org/debian-lts-announce/2021/05/msg00000.htmlhttps://subversion.apache.org/security/CVE-2020-17525-advisory.txt