Vulnerability CVE-2013-4505
Published: 2013-12-07   Modified: 2013-12-08

Description:
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
mod_dontdothat 1.8.0 does not restrict requests from serf based clients.
Ben Reser
10.12.2013

Type:

CWE-264

 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:H/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.6/10
2.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Apache -> Mod dontdothat 
Apache -> Subversion 

 References:
http://subversion.apache.org/security/CVE-2013-4505-advisory.txt
http://secunia.com/advisories/55855
http://osvdb.org/100364
http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html
Copyright 2024, cxsecurity.com

 

Back to Top