CVE-2014-0032

Description

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.

How to fix CVE-2014-0032

To remediate CVE-2014-0032, upgrade the affected package to a fixed version below.

• Debian/subversion—upgrade to 1.8.8-1 or later

Is CVE-2014-0032 being exploited?

Moderate — EPSS is 27.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.8.8-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-0032