The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
2013-05-02T14:55:05.357
2025-04-11T00:51:21.963
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apache | subversion | 1.6.0 | Yes |
| Application | apache | subversion | 1.6.1 | Yes |
| Application | apache | subversion | 1.6.2 | Yes |
| Application | apache | subversion | 1.6.3 | Yes |
| Application | apache | subversion | 1.6.4 | Yes |
| Application | apache | subversion | 1.6.5 | Yes |
| Application | apache | subversion | 1.6.6 | Yes |
| Application | apache | subversion | 1.6.7 | Yes |
| Application | apache | subversion | 1.6.8 | Yes |
| Application | apache | subversion | 1.6.9 | Yes |
| Application | apache | subversion | 1.6.10 | Yes |
| Application | apache | subversion | 1.6.11 | Yes |
| Application | apache | subversion | 1.6.12 | Yes |
| Application | apache | subversion | 1.6.13 | Yes |
| Application | apache | subversion | 1.6.14 | Yes |
| Application | apache | subversion | 1.6.15 | Yes |
| Application | apache | subversion | 1.6.16 | Yes |
| Application | apache | subversion | 1.6.17 | Yes |
| Application | apache | subversion | 1.6.18 | Yes |
| Application | apache | subversion | 1.6.19 | Yes |
| Application | apache | subversion | 1.6.20 | Yes |
| Application | apache | subversion | 1.7.0 | Yes |
| Application | apache | subversion | 1.7.1 | Yes |
| Application | apache | subversion | 1.7.2 | Yes |
| Application | apache | subversion | 1.7.3 | Yes |
| Application | apache | subversion | 1.7.4 | Yes |
| Application | apache | subversion | 1.7.5 | Yes |
| Application | apache | subversion | 1.7.6 | Yes |
| Application | apache | subversion | 1.7.7 | Yes |
| Application | apache | subversion | 1.7.8 | Yes |