CVE Vulnerabilities

CVE-2015-0251

Insufficient Verification of Data Authenticity

Published: Apr 08, 2015 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.

Weakness

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Affected Software

Name Vendor Start Version End Version
Subversion Apache 1.6.10 1.6.10
Subversion Apache 1.6.19 1.6.19
Subversion Apache 1.8.2 1.8.2
Subversion Apache 1.7.3 1.7.3
Subversion Apache 1.6.20 1.6.20
Subversion Apache 1.7.17 1.7.17
Subversion Apache 1.7.19 1.7.19
Subversion Apache 1.8.0 1.8.0
Subversion Apache 1.6.2 1.6.2
Subversion Apache 1.7.1 1.7.1
Subversion Apache 1.7.11 1.7.11
Subversion Apache 1.7.16 1.7.16
Subversion Apache 1.6.18 1.6.18
Subversion Apache 1.6.16 1.6.16
Subversion Apache 1.5.5 1.5.5
Subversion Apache 1.7.4 1.7.4
Subversion Apache 1.6.21 1.6.21
Subversion Apache 1.6.5 1.6.5
Subversion Apache 1.7.6 1.7.6
Subversion Apache 1.5.3 1.5.3
Subversion Apache 1.8.1 1.8.1
Subversion Apache 1.5.7 1.5.7
Subversion Apache 1.8.9 1.8.9
Subversion Apache 1.7.9 1.7.9
Subversion Apache 1.7.12 1.7.12
Subversion Apache 1.6.3 1.6.3
Subversion Apache 1.6.8 1.6.8
Subversion Apache 1.7.10 1.7.10
Subversion Apache 1.8.5 1.8.5
Subversion Apache 1.6.13 1.6.13
Subversion Apache 1.7.7 1.7.7
Subversion Apache 1.6.0 1.6.0
Subversion Apache 1.5.8 1.5.8
Subversion Apache 1.5.2 1.5.2
Subversion Apache 1.6.7 1.6.7
Subversion Apache 1.6.12 1.6.12
Subversion Apache 1.8.6 1.8.6
Subversion Apache 1.7.2 1.7.2
Subversion Apache 1.6.1 1.6.1
Subversion Apache 1.7.18 1.7.18
Subversion Apache 1.6.4 1.6.4
Subversion Apache 1.7.13 1.7.13
Subversion Apache 1.8.4 1.8.4
Subversion Apache 1.6.23 1.6.23
Subversion Apache 1.8.3 1.8.3
Subversion Apache 1.7.8 1.7.8
Subversion Apache 1.8.10 1.8.10
Subversion Apache 1.8.7 1.8.7
Subversion Apache 1.6.15 1.6.15
Subversion Apache 1.5.4 1.5.4
Subversion Apache 1.7.14 1.7.14
Subversion Apache 1.6.11 1.6.11
Subversion Apache 1.7.5 1.7.5
Subversion Apache 1.6.14 1.6.14
Subversion Apache 1.5.1 1.5.1
Subversion Apache 1.7.15 1.7.15
Subversion Apache 1.6.17 1.6.17
Subversion Apache 1.5.6 1.5.6
Subversion Apache 1.5.0 1.5.0
Subversion Apache 1.8.11 1.8.11
Subversion Apache 1.6.6 1.6.6
Subversion Apache 1.6.9 1.6.9
Subversion Apache 1.8.8 1.8.8
Subversion Apache 1.7.0 1.7.0

References