CVE-2015-0248

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.

Affected Software

Name	Vendor	Start Version	End Version
Subversion	Apache	1.6.0 (including)	1.6.0 (including)
Subversion	Apache	1.6.1 (including)	1.6.1 (including)
Subversion	Apache	1.6.2 (including)	1.6.2 (including)
Subversion	Apache	1.6.3 (including)	1.6.3 (including)
Subversion	Apache	1.6.4 (including)	1.6.4 (including)
Subversion	Apache	1.6.5 (including)	1.6.5 (including)
Subversion	Apache	1.6.6 (including)	1.6.6 (including)
Subversion	Apache	1.6.7 (including)	1.6.7 (including)
Subversion	Apache	1.6.8 (including)	1.6.8 (including)
Subversion	Apache	1.6.9 (including)	1.6.9 (including)
Subversion	Apache	1.6.10 (including)	1.6.10 (including)
Subversion	Apache	1.6.11 (including)	1.6.11 (including)
Subversion	Apache	1.6.12 (including)	1.6.12 (including)
Subversion	Apache	1.6.13 (including)	1.6.13 (including)
Subversion	Apache	1.6.14 (including)	1.6.14 (including)
Subversion	Apache	1.6.15 (including)	1.6.15 (including)
Subversion	Apache	1.6.16 (including)	1.6.16 (including)
Subversion	Apache	1.6.17 (including)	1.6.17 (including)
Subversion	Apache	1.6.18 (including)	1.6.18 (including)
Subversion	Apache	1.6.19 (including)	1.6.19 (including)
Subversion	Apache	1.6.20 (including)	1.6.20 (including)
Subversion	Apache	1.6.21 (including)	1.6.21 (including)
Subversion	Apache	1.6.23 (including)	1.6.23 (including)
Subversion	Apache	1.7.0 (including)	1.7.0 (including)
Subversion	Apache	1.7.1 (including)	1.7.1 (including)
Subversion	Apache	1.7.2 (including)	1.7.2 (including)
Subversion	Apache	1.7.3 (including)	1.7.3 (including)
Subversion	Apache	1.7.4 (including)	1.7.4 (including)
Subversion	Apache	1.7.5 (including)	1.7.5 (including)
Subversion	Apache	1.7.6 (including)	1.7.6 (including)
Subversion	Apache	1.7.7 (including)	1.7.7 (including)
Subversion	Apache	1.7.8 (including)	1.7.8 (including)
Subversion	Apache	1.7.9 (including)	1.7.9 (including)
Subversion	Apache	1.7.10 (including)	1.7.10 (including)
Subversion	Apache	1.7.11 (including)	1.7.11 (including)
Subversion	Apache	1.7.12 (including)	1.7.12 (including)
Subversion	Apache	1.7.13 (including)	1.7.13 (including)
Subversion	Apache	1.7.14 (including)	1.7.14 (including)
Subversion	Apache	1.7.15 (including)	1.7.15 (including)
Subversion	Apache	1.7.16 (including)	1.7.16 (including)
Subversion	Apache	1.7.17 (including)	1.7.17 (including)
Subversion	Apache	1.7.18 (including)	1.7.18 (including)
Subversion	Apache	1.7.19 (including)	1.7.19 (including)
Subversion	Apache	1.8.0 (including)	1.8.0 (including)
Subversion	Apache	1.8.1 (including)	1.8.1 (including)
Subversion	Apache	1.8.2 (including)	1.8.2 (including)
Subversion	Apache	1.8.3 (including)	1.8.3 (including)
Subversion	Apache	1.8.4 (including)	1.8.4 (including)
Subversion	Apache	1.8.5 (including)	1.8.5 (including)
Subversion	Apache	1.8.6 (including)	1.8.6 (including)
Subversion	Apache	1.8.7 (including)	1.8.7 (including)
Subversion	Apache	1.8.8 (including)	1.8.8 (including)
Subversion	Apache	1.8.9 (including)	1.8.9 (including)
Subversion	Apache	1.8.10 (including)	1.8.10 (including)
Subversion	Apache	1.8.11 (including)	1.8.11 (including)
Red Hat Enterprise Linux 6	RedHat	subversion-0:1.6.11-15.el6_7	*
Red Hat Enterprise Linux 7	RedHat	subversion-0:1.7.14-7.ael7b_1.1	*
Subversion	Ubuntu	lucid	*
Subversion	Ubuntu	precise	*
Subversion	Ubuntu	trusty	*
Subversion	Ubuntu	upstream	*
Subversion	Ubuntu	utopic	*
Subversion	Ubuntu	vivid	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-0248
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References