CVE-2014-3580
subversion - security update
EPSS 13.7%
Description
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.
How to fix CVE-2014-3580
To remediate CVE-2014-3580, upgrade the affected package to one of the fixed versions listed below.
- Debian/subversion—upgrade to 1.8.10-5 or later
- Debian/subversion—upgrade to 1.6.12dfsg-7+deb6u1 or later
- Debian/subversion—upgrade to 1.6.17dfsg-4+deb7u7 or later
Is CVE-2014-3580 being exploited?
Moderate: EPSS is 13.7%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (3)
- Debian/subversion: from 0, < 1.8.10-5
- Debian/subversion: from 0, < 1.6.12dfsg-7+deb6u1
- Debian/subversion: from 0, < 1.6.17dfsg-4+deb7u7