CVE-2013-4505
LOW severity · CVSS 2.6 · CWE-264
2.6CVSS LOW
Summary
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.
Impact & exploitability
Attack vectorNetwork
Attack complexityHigh
Privileges required—
User interaction—
Confidentiality impactNone
Integrity impactNone
Availability impact—
Exploit probability (EPSS)8%
AV:N/AC:H/Au:N/C:N/I:N/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: http://subversion.apache.org/security/CVE-2013-4505-advisory.txt ↗