Meta tags:
Headings (most frequently used words):
security, apache, subversion, previous, advisories,
Text of the page (most frequently used words):
advisory (51), txt (50), cve (47), and (37), subversion (21), the (19), mod_dav_svn (18), #apache (16), 2013 (14), pgp (10), security (10), svn (9), svnserve (8), requests (8), dos (7), vulnerability (7), with (7), paths (6), remotely (6), triggerable (6), 2015 (6), against (6), memory (5), mod_authz_svn (5), urls (5), from (5), overflow (5), are (5), 2014 (5), server (5), denial (4), service (4), via (4), path (4), code (4), using (4), revision (4), can (4), crashes (4), 2011 (4), software (4), foundation (4), vulnerable (3), remote (3), httpd (3), pointer (3), clients (3), http (3), 2016 (3), copy (3), heap (3), out (3), parser (3), servers (3), when (3), for (3), assertion (3), fsfs (3), report (3), file (3), exposure (3), unreadable (3), 2010 (3), about (3), characters (2), 2024 (2), corruption (2), authz (2), unauthenticated (2), 2018 (2), will (2), crash (2), root (2), arbitrary (2), execution (2), sha1 (2), mod_dontdothat (2), may (2), wrong (2), read (2), caused (2), some (2), based (2), does (2), not (2), restrict (2), anonymous (2), allow (2), property (2), certain (2), repositories (2), excessive (2), invalid (2), non (2), symlink (2), attack (2), pid (2), activity (2), lock (2), null (2), dereference (2), binary (2), handling (2), 2007 (2), metadata (2), leakage (2), 2004 (2), version (2), advisories (2), team (2), vulnerabilities (2), please (2), community (2), logo (2), trademarks (2), license (2), documentation (2), source (2), getting (2), control, 46901, command, line, argument, injection, windows, platforms, 45720, 2022, 24070, protected, copyfrom, regression, 2021, 28544, 2020, 17525, 2019, 0203, get, deleted, rev, 11782, module, after, dereferencing, uninitialized, client, omits, recursive, directory, listing, operation, 11803, through, malicious, ssh, externals, sync, url, alpha1, alpha3, 2017, 9800, unable, store, collisions, unrestricted, xml, entity, expansion, 8734, during, move, authorization, check, 2168, sasl, authenticate, users, realm, 2167, bounds, integer, protocol, 5259, both, reveal, that, should, hidden, 3187, properly, access, mixed, authenticated, environments, 3184, spoofing, author, values, new, revisions, 0251, dynamically, evaluated, numbers, 0248, use, 0202, virtual, transaction, names, 8108, 3580, credentials, cached, sent, 3528, ra_serf, improper, validation, wildcards, ssl, certs, 3522, svnlistparentpath, 0032, triggered, canonical, autoversioning, commits, 4558, serf, 4505, 4277, admin, side, tools, 4262, editing, packed, properties, 4246, 4131, 2112, contrib, hook, scripts, see, 2088, corrupted, newline, filenames, 1968, range, limit, log, request, 1884, propfind, 1849, existant, 1847, 1846, usage, changes, 1845, 1921, exhaustion, 1783, 1752, 0715, error, blame, 4644, potential, svnparentpath, 4539, svnpathauthz, short_circuit, employed, 3315, delta, 2009, 2411, delivery, installation, mis, 3846, prop, commands, 2448, rcx, 0749, deep, readable, location, issue, related, string, parsing, 0413, date, buffer, sscanf, description, affected, document, following, list, past, issued, project, previous, learn, more, how, development, treats, discovered, reported, visit, guide, section, https, www, org, provides, framework, folks, reports, you, discover, follow, instructions, found, here, privacy, policy, copyright, 2026, licensed, under, registered, official, online, thanks, donate, asf, conduct, involved, wiki, reporting, issues, mailing, lists, release, notes, download, packages, blog, quick, start, roadmap, faq, features, news,
Text of the page (random words):
apache subversion security about subversion news features documentation faq roadmap security quick start blog getting subversion binary packages source download release notes community mailing lists reporting issues wiki getting involved source code code of conduct about the asf license donate thanks read the official subversion documentation online copyright 2026 the apache software foundation licensed under the apache license version 2 0 apache apache subversion and the apache logo are trademarks of the apache software foundation subversion and the apache subversion logo are registered trademarks of the apache software foundation privacy policy apache subversion security the apache software foundation provides a framework and team of folks for handling reports of security vulnerabilities if you discover a security vulnerability in apache subversion please follow the instructions found here https www apache org security to learn more about how the subversion development team treats discovered and reported security vulnerabilities please visit the security section of the community guide previous security advisories the following are a list of past security advisories issued by the subversion project document affected version s description svn sscanf advisory txt 1 0 0 1 0 2 date parser buffer overflow can 2004 0413 advisory txt 1 0 0 1 0 4 denial of service and heap overflow issue related to string parsing in svnserve mod_authz_svn copy advisory txt 1 0 0 1 0 5 mod_authz_svn exposure of unreadable paths via deep copy to readable location can 2004 0749 advisory txt 1 0 0 1 0 7 1 1 0 rcx revision metadata leakage in mod_dav_svn cve 2007 2448 advisory txt 1 0 1 1 4 3 revision metadata leakage via svn prop commands cve 2007 3846 advisory txt 1 0 0 1 4 4 remote file delivery and installation via path mis handling cve 2009 2411 advisory txt 1 0 0 1 6 3 heap overflow in binary delta parser cve 2010 3315 advisory txt 1 5 0 1 5 7 1 6 0 1 6 12 mod_dav_svn exposure of unreadable paths when svnpathauthz short_circuit is employed cve 2010 4539 1 0 0 1 5 8 1 6 0 1 6 13 mod_dav_svn potential crash when using svnparentpath cve 2010 4644 1 5 0 1 5 8 1 6 0 1 6 13 server out of memory error caused by blame g cve 2011 0715 advisory txt 1 2 0 1 5 9 1 6 0 1 6 15 server null pointer dereference cve 2011 1752 advisory txt 1 0 0 1 6 16 server null pointer dereference cve 2011 1783 advisory txt 1 5 0 1 6 16 server memory exhaustion cve 2011 1921 advisory txt 1 5 0 1 6 16 mod_dav_svn exposure of unreadable paths cve 2013 1845 advisory txt 1 0 0 1 6 20 and 1 7 0 1 7 8 mod_dav_svn excessive memory usage from property changes cve 2013 1846 advisory txt 1 0 0 1 6 20 and 1 7 0 1 7 8 mod_dav_svn crashes on lock requests against activity urls cve 2013 1847 advisory txt 1 6 0 1 6 20 and 1 7 0 1 7 8 mod_dav_svn crashes on lock requests against non existant urls cve 2013 1849 advisory txt 1 0 0 1 6 20 and 1 7 0 1 7 8 mod_dav_svn crashes on propfind requests against activity urls cve 2013 1884 advisory txt 1 7 0 1 7 8 mod_dav_svn crashes on out of range limit in log report request cve 2013 1968 advisory txt 1 1 0 1 6 23 and 1 7 0 1 7 9 fsfs repositories can be corrupted by newline characters in filenames cve 2013 2088 advisory txt 1 2 0 1 6 23 see advisory contrib hook scripts can allow arbitrary code execution cve 2013 2112 advisory txt 1 0 0 1 6 21 and 1 7 0 1 7 9 svnserve remotely triggerable dos cve 2013 4131 advisory txt 1 6 0 1 7 10 and 1 8 0 mod_dav_svn assertion from requests against root path cve 2013 4246 advisory txt 1 8 0 1 8 1 fsfs corruption from editing packed revision properties cve 2013 4262 advisory txt 1 8 0 1 8 2 admin side tools symlink attack against pid file cve 2013 4277 advisory txt 1 4 0 1 7 12 and 1 8 0 1 8 2 svnserve symlink attack against pid file cve 2013 4505 advisory txt 1 4 0 1 7 13 and 1 8 0 1 8 4 mod_dontdothat does not restrict requests from serf based clients cve 2013 4558 advisory txt 1 7 11 1 7 13 and 1 8 1 1 8 4 mod_dav_svn assertion triggered by non canonical urls in autoversioning commits cve 2014 0032 advisory txt 1 3 0 1 7 14 and 1 8 0 1 8 5 mod_dav_svn dos vulnerability with svnlistparentpath cve 2014 3522 advisory txt 1 4 0 1 7 17 and 1 8 0 1 8 9 ra_serf improper validation of wildcards in ssl certs cve 2014 3528 advisory txt 1 0 0 1 7 17 and 1 8 0 1 8 9 credentials cached with svn may be sent to wrong server cve 2014 3580 advisory txt 1 0 0 1 7 18 and 1 8 0 1 8 10 mod_dav_svn dos vulnerability with invalid report requests cve 2014 8108 advisory txt 1 7 0 1 7 18 and 1 8 0 1 8 10 mod_dav_svn dos vulnerability with invalid virtual transaction names cve 2015 0202 advisory txt 1 8 0 1 8 11 subversion http servers with fsfs repositories are vulnerable to a remotely triggerable excessive memory use with certain report requests cve 2015 0248 advisory txt 1 6 0 1 7 19 and 1 8 0 1 8 11 subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion dos vulnerability for certain requests with dynamically evaluated revision numbers cve 2015 0251 advisory txt 1 5 0 1 7 19 and 1 8 0 1 8 11 subversion http servers allow spoofing svn author property values for new revisions cve 2015 3184 advisory txt 1 7 0 1 7 20 and 1 8 0 1 8 13 subversion s mod_authz_svn does not properly restrict anonymous access in some mixed anonymous authenticated environments when using apache httpd 2 4 cve 2015 3187 advisory txt 1 7 0 1 7 20 and 1 8 0 1 8 13 subversion servers both httpd and svnserve will reveal some paths that should be hidden by path based authz cve 2015 5259 advisory txt 1 9 0 1 9 2 remotely triggerable heap overflow and out of bounds read caused by integer overflow in the svn protocol parser cve 2016 2167 advisory txt 1 5 0 1 8 15 and 1 9 0 1 9 3 svnserve sasl may authenticate users using the wrong realm cve 2016 2168 advisory txt 1 0 0 1 8 15 and 1 9 0 1 9 3 remotely triggerable dos vulnerability in mod_authz_svn during copy move authorization check cve 2016 8734 advisory txt pgp 1 4 0 1 8 16 and 1 9 0 1 9 4 unrestricted xml entity expansion in mod_dontdothat and subversion clients using http s sha1 advisory txt 1 1 0 1 8 17 and 1 9 0 1 9 5 apache subversion is unable to store sha1 collisions cve 2017 9800 advisory txt pgp 1 0 0 1 8 18 and 1 9 0 1 9 6 and 1 10 0 alpha1 1 10 0 alpha3 arbitrary code execution on clients through malicious svn ssh urls in svn externals and svn sync from url cve 2018 11803 advisory txt pgp 1 10 0 1 10 3 and 1 11 0 subversion s mod_dav_svn apache httpd module will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation cve 2018 11782 advisory txt pgp 1 9 0 1 9 10 1 10 0 1 10 4 1 11 0 1 11 1 1 12 0 remotely triggerable dos vulnerability in svnserve get deleted rev cve 2019 0203 advisory txt pgp 1 9 0 1 9 10 1 10 0 1 10 4 1 11 0 1 11 1 1 12 0 remote unauthenticated denial of service in subversion svnserve cve 2020 17525 advisory txt pgp 1 9 0 1 9 10 1 10 0 1 10 6 1 11 0 1 11 1 1 12 0 1 12 2 1 13 0 1 14 0 remote unauthenticated denial of service in mod_authz_svn cve 2021 28544 advisory txt pgp 1 10 0 1 10 7 1 14 0 1 14 1 svn authz protected copyfrom paths regression cve 2022 24070 advisory txt pgp 1 10 0 1 10 7 1 14 0 1 14 1 mod_dav_svn is vulnerable to memory corruption cve 2024 45720 advisory txt pgp 1 0 0 1 10 8 1 14 0 1 14 3 subversion command line argument injection on windows platforms cve 2024 46901 advisory txt pgp 1 0 0 1 14 4 mod_dav_svn denial of service via control characters in paths
|