CVE-2011-1783 | Vulnerability Database | Aqua Security

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.

Affected Software

Name	Vendor	Start Version	End Version
Subversion	Apache	1.5.0 (including)	1.5.8 (including)
Subversion	Apache	1.6.0 (including)	1.6.17 (excluding)
Red Hat Enterprise Linux 5	RedHat	subversion-0:1.6.11-7.el5_6.4	*
Red Hat Enterprise Linux 6	RedHat	subversion-0:1.6.11-2.el6_1.4	*
Subversion	Ubuntu	devel	*
Subversion	Ubuntu	hardy	*
Subversion	Ubuntu	lucid	*
Subversion	Ubuntu	maverick	*
Subversion	Ubuntu	natty	*
Subversion	Ubuntu	upstream	*

References

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html
http://secunia.com/advisories/44633
http://secunia.com/advisories/44681
http://secunia.com/advisories/44849
http://secunia.com/advisories/44888
http://secunia.com/advisories/45162
http://subversion.apache.org/security/CVE-2011-1783-advisory.txt
http://support.apple.com/kb/HT5130
http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES
http://www.debian.org/security/2011/dsa-2251
http://www.mandriva.com/security/advisories?name=MDVSA-2011:106
http://www.redhat.com/support/errata/RHSA-2011-0862.html
http://www.securityfocus.com/bid/48091
http://www.securitytracker.com/id?1025618
http://www.ubuntu.com/usn/USN-1144-1
https://bugzilla.redhat.com/show_bug.cgi?id=709112
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18889

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1783
CWE	https://cwe.mitre.org/data/definitions/.html