Vulnerability Details : CVE-2013-4558
The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-4558
Probability of exploitation activity in the next 30 days: 2.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-4558
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
3.5
|
LOW | AV:N/AC:M/Au:S/C:N/I:N/A:P |
6.8
|
2.9
|
NIST |
CWE ids for CVE-2013-4558
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4558
-
https://bugzilla.redhat.com/show_bug.cgi?id=1033431
1033431 – (CVE-2013-4558) CVE-2013-4558 subversion: mod_dav_svn assertion when handling certain requests with autoversioning enabled
-
https://github.com/apache/subversion/commit/2c77c43e4255555f3b79f761f0d141393a3856cc
Merge r1542071 from trunk. · apache/subversion@2c77c43 · GitHub
-
http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html
openSUSE-SU-2013:1860-1: moderate: subversion: update to 1.7.14
-
http://subversion.apache.org/security/CVE-2013-4558-advisory.txt
Patch;Vendor Advisory
-
http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html
openSUSE-SU-2013:1836-1: moderate: subversion: update to 1.8.5
-
https://github.com/apache/subversion/commit/647e3f8365a74831bb915f63793b63e31fae062d
* subversion/mod_dav_svn/mod_dav_svn.c: · apache/subversion@647e3f8 · GitHub
-
http://osvdb.org/100363
Products affected by CVE-2013-4558
- cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:mod_dav_svn:-:*:*:*:*:*:*:*