4

CVE-2015-0251

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheSubversion Version1.5.0
ApacheSubversion Version1.5.1
ApacheSubversion Version1.5.2
ApacheSubversion Version1.5.3
ApacheSubversion Version1.5.4
ApacheSubversion Version1.5.5
ApacheSubversion Version1.5.6
ApacheSubversion Version1.5.7
ApacheSubversion Version1.5.8
ApacheSubversion Version1.6.0
ApacheSubversion Version1.6.1
ApacheSubversion Version1.6.2
ApacheSubversion Version1.6.3
ApacheSubversion Version1.6.4
ApacheSubversion Version1.6.5
ApacheSubversion Version1.6.6
ApacheSubversion Version1.6.7
ApacheSubversion Version1.6.8
ApacheSubversion Version1.6.9
ApacheSubversion Version1.6.10
ApacheSubversion Version1.6.11
ApacheSubversion Version1.6.12
ApacheSubversion Version1.6.13
ApacheSubversion Version1.6.14
ApacheSubversion Version1.6.15
ApacheSubversion Version1.6.16
ApacheSubversion Version1.6.17
ApacheSubversion Version1.6.18
ApacheSubversion Version1.6.19
ApacheSubversion Version1.6.20
ApacheSubversion Version1.6.21
ApacheSubversion Version1.6.23
ApacheSubversion Version1.7.0
ApacheSubversion Version1.7.1
ApacheSubversion Version1.7.2
ApacheSubversion Version1.7.3
ApacheSubversion Version1.7.4
ApacheSubversion Version1.7.5
ApacheSubversion Version1.7.6
ApacheSubversion Version1.7.7
ApacheSubversion Version1.7.8
ApacheSubversion Version1.7.9
ApacheSubversion Version1.7.10
ApacheSubversion Version1.7.11
ApacheSubversion Version1.7.12
ApacheSubversion Version1.7.13
ApacheSubversion Version1.7.14
ApacheSubversion Version1.7.15
ApacheSubversion Version1.7.16
ApacheSubversion Version1.7.17
ApacheSubversion Version1.7.18
ApacheSubversion Version1.7.19
ApacheSubversion Version1.8.0
ApacheSubversion Version1.8.1
ApacheSubversion Version1.8.2
ApacheSubversion Version1.8.3
ApacheSubversion Version1.8.4
ApacheSubversion Version1.8.5
ApacheSubversion Version1.8.6
ApacheSubversion Version1.8.7
ApacheSubversion Version1.8.8
ApacheSubversion Version1.8.9
ApacheSubversion Version1.8.10
ApacheSubversion Version1.8.11
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
OracleSolaris Version11.3
AppleXCode Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.56% 0.937
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Third Party Advisory
https://security.gentoo.org/glsa/201610-05
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
Mailing List
https://support.apple.com/HT205217
Third Party Advisory
http://www.ubuntu.com/usn/USN-2721-1
http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:192
Broken Link
http://rhn.redhat.com/errata/RHSA-2015-1633.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1742.html
http://www.debian.org/security/2015/dsa-3231
http://www.securitytracker.com/id/1033214
http://seclists.org/fulldisclosure/2015/Jun/32
http://subversion.apache.org/security/CVE-2015-0251-advisory.txt
Vendor Advisory
http://www.securityfocus.com/bid/74259