CVE-2011-1783

Description

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.

How to fix CVE-2011-1783

To remediate CVE-2011-1783, upgrade the affected package to a fixed version below.

• Debian/subversion—upgrade to 1.6.17dfsg-1 or later

Is CVE-2011-1783 being exploited?

Moderate — EPSS is 11.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.6.17dfsg-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-1783