CVE-2015-0202 | Vulnerability Database | Aqua Security

The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.

Affected Software

Name	Vendor	Start Version	End Version
Subversion	Apache	1.8.0 (including)	1.8.0 (including)
Subversion	Apache	1.8.1 (including)	1.8.1 (including)
Subversion	Apache	1.8.2 (including)	1.8.2 (including)
Subversion	Apache	1.8.3 (including)	1.8.3 (including)
Subversion	Apache	1.8.4 (including)	1.8.4 (including)
Subversion	Apache	1.8.5 (including)	1.8.5 (including)
Subversion	Apache	1.8.6 (including)	1.8.6 (including)
Subversion	Apache	1.8.7 (including)	1.8.7 (including)
Subversion	Apache	1.8.8 (including)	1.8.8 (including)
Subversion	Apache	1.8.9 (including)	1.8.9 (including)
Subversion	Apache	1.8.10 (including)	1.8.10 (including)
Subversion	Apache	1.8.11 (including)	1.8.11 (including)

References

http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html
http://subversion.apache.org/security/CVE-2015-0202-advisory.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2015:192
http://www.securityfocus.com/bid/76446
http://www.securitytracker.com/id/1032100
http://www.ubuntu.com/usn/USN-2721-1
https://security.gentoo.org/glsa/201610-05

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-0202
CWE	https://cwe.mitre.org/data/definitions/399.html