{"containers": {"cna": {"affected": [{"product": "Apache Subversion", "vendor": "n/a", "versions": [{"status": "affected", "version": "Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0"}]}], "descriptions": [{"lang": "en", "value": "In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-26T15:55:30", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://subversion.apache.org/security/CVE-2018-11782-advisory.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2018-11782", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Subversion", "version": {"version_data": [{"version_value": "Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "http://subversion.apache.org/security/CVE-2018-11782-advisory.txt", "refsource": "MISC", "url": "http://subversion.apache.org/security/CVE-2018-11782-advisory.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:17:09.221Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://subversion.apache.org/security/CVE-2018-11782-advisory.txt"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-11782", "datePublished": "2019-09-26T15:55:30", "dateReserved": "2018-06-05T00:00:00", "dateUpdated": "2024-08-05T08:17:09.221Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*", "matchCriteriaId": "50DD0181-B9AA-42E5-813E-8912532052BB", "versionEndIncluding": "1.9.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*", "matchCriteriaId": "198D8E5E-4D92-43C4-8C30-C940255B4FB0", "versionEndIncluding": "1.10.4", "versionStartIncluding": "1.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*", "matchCriteriaId": "A45E5978-D958-44EB-8434-63078915B03C", "versionEndIncluding": "1.11.1", "versionStartIncluding": "1.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60BCD44-BA16-4A6F-9B4D-2BA89601C76F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server."}, {"lang": "es", "value": "En Apache Subversion versiones hasta 1.9.10, 1.10.4, 1.12.0 incluy\u00e9ndolas, el proceso del servidor svnserve de Subversion puede cerrarse cuando una petici\u00f3n de solo lectura bien formada produce una respuesta en particular. Esto puede conllevar a interrupciones para usuarios del servidor."}], "id": "CVE-2018-11782", "lastModified": "2024-11-21T03:44:01.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-26T16:15:10.363", "references": [{"source": "security@apache.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://subversion.apache.org/security/CVE-2018-11782-advisory.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://subversion.apache.org/security/CVE-2018-11782-advisory.txt"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Subversion project (Apache Software Foundation) for reporting this issue. Upstream acknowledges Ace Olszowka (Build Master at Computers Unlimited) as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:3972", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "subversion-0:1.7.14-16.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4712", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "subversion:1.10-8030020200519083055.9ce6d490", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}], "bugzilla": {"description": "subversion: remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev'", "id": "1733088", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1733088"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-617", "details": ["In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server."], "name": "CVE-2018-11782", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "subversion", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "subversion", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2019-07-31T12:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-11782\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11782\nhttps://subversion.apache.org/security/CVE-2018-11782-advisory.txt"], "statement": "An authenticated user can cause subversion server (svnserve) process to crash by sending a well-formed read-only request which produces a particular answer. Exploitation results in denial of service by crashing an svnserve process. The impact of this differs depending on how svnserve is launched, including the different run modes selected by options such as \"svnserve -d\", \"svnserve -T -d\", \"svnserve -t\", and \"svnserve -i\". mod_dav_svn is not affected by this flaw.", "threat_severity": "Moderate", "upstream_fix": "subversion 1.12.2, subversion 1.10.6, subversion 1.9.12"}