{"id":"USN-2721-1","summary":"subversion vulnerabilities","details":"It was discovered that the Subversion mod_dav_svn module incorrectly\nhandled REPORT requests for a resource that does not exist. A remote\nattacker could use this issue to cause the server to crash, resulting in a\ndenial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2014-3580)\n\nIt was discovered that the Subversion mod_dav_svn module incorrectly\nhandled requests requiring a lookup for a virtual transaction name that\ndoes not exist. A remote attacker could use this issue to cause the server\nto crash, resulting in a denial of service. This issue only affected Ubuntu\n14.04 LTS. (CVE-2014-8108)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly\nhandled large numbers of REPORT requests. A remote attacker could use this\nissue to cause the server to crash, resulting in a denial of service. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve\nmodules incorrectly certain crafted parameter combinations. A remote\nattacker could use this issue to cause the server to crash, resulting in a\ndenial of service. (CVE-2015-0248)\n\nIvan Zhakov discovered that the Subversion mod_dav_svn module incorrectly\nhandled crafted v1 HTTP protocol request sequences. A remote attacker could\nuse this issue to spoof the svn:author property. (CVE-2015-0251)\n\nC. Michael Pilato discovered that the Subversion mod_dav_svn module\nincorrectly restricted anonymous access. A remote attacker could use this\nissue to read hidden files via the path name. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)\n\nC. Michael Pilato discovered that Subversion incorrectly handled path-based\nauthorization. A remote attacker could use this issue to obtain sensitive\npath information. (CVE-2015-3187)\n","modified":"2026-02-10T04:40:55Z","published":"2015-08-20T17:47:50Z","related":["UBUNTU-CVE-2014-3580","UBUNTU-CVE-2014-8108","UBUNTU-CVE-2015-0202","UBUNTU-CVE-2015-0248","UBUNTU-CVE-2015-0251","UBUNTU-CVE-2015-3184","UBUNTU-CVE-2015-3187"],"upstream":["CVE-2014-3580","CVE-2014-8108","CVE-2015-0202","CVE-2015-0248","CVE-2015-0251","CVE-2015-3184","CVE-2015-3187","UBUNTU-CVE-2014-3580","UBUNTU-CVE-2014-8108","UBUNTU-CVE-2015-0202","UBUNTU-CVE-2015-0248","UBUNTU-CVE-2015-0251","UBUNTU-CVE-2015-3184","UBUNTU-CVE-2015-3187"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2721-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3580"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-8108"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0202"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0248"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0251"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-3184"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-3187"}],"affected":[{"package":{"name":"subversion","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/subversion@1.8.8-1ubuntu3.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.8-1ubuntu3.2"}]}],"versions":["1.7.9-1+nmu6ubuntu3","1.7.13-2ubuntu1","1.7.13-2ubuntu2","1.7.13-2ubuntu3","1.7.14-1ubuntu2","1.8.5-2ubuntu3","1.8.8-1ubuntu2","1.8.8-1ubuntu3","1.8.8-1ubuntu3.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libapache2-mod-svn","binary_version":"1.8.8-1ubuntu3.2"},{"binary_name":"libapache2-svn","binary_version":"1.8.8-1ubuntu3.2"},{"binary_name":"libsvn-dev","binary_version":"1.8.8-1ubuntu3.2"},{"binary_name":"libsvn-java","binary_version":"1.8.8-1ubuntu3.2"},{"binary_name":"libsvn-perl","binary_version":"1.8.8-1ubuntu3.2"},{"binary_name":"libsvn-ruby1.8","binary_version":"1.8.8-1ubuntu3.2"},{"binary_name":"libsvn1","binary_version":"1.8.8-1ubuntu3.2"},{"binary_name":"python-subversion","binary_version":"1.8.8-1ubuntu3.2"},{"binary_name":"ruby-svn","binary_version":"1.8.8-1ubuntu3.2"},{"binary_name":"subversion","binary_version":"1.8.8-1ubuntu3.2"},{"binary_name":"subversion-tools","binary_version":"1.8.8-1ubuntu3.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2721-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"id":"CVE-2014-3580","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2014-8108","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-0202","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-0248","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-0251","severity":[{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2015-3184","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-3187","severity":[{"score":"medium","type":"Ubuntu"}]}]}}}],"schema_version":"1.7.3"}