CVE-2015-0248
subversion - security update
EPSS 15.8%
Description
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.
How to fix CVE-2015-0248
To remediate CVE-2015-0248, upgrade the affected package to a fixed version below.
- Debian/subversion: upgrade to 1.8.10-6 or later
- Debian/subversion: upgrade to 1.6.17dfsg-4+deb7u9 or later
Is CVE-2015-0248 being exploited?
Moderate: EPSS is 15.8%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/subversion: from 0, < 1.8.10-6
- Debian/subversion: from 0, < 1.6.17dfsg-4+deb7u9