CVE-2013-4505
Apache Subversion 1.4.0-1.7.13/1.8.0-1.8.4 - Access Restriction Bypass via REPORT Request
Description
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.
References (5)
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55855
Patch, Vendor Advisory x_refsource_confirm
http://subversion.apache.org/security/CVE-2013-4505-advisory.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/100364
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html
Scores
EPSS
0.0164
EPSS Percentile
82.2%
Details
CWE
CWE-264
Status
published
Products (50)
apache/mod_dontdothat
apache/subversion
1.4.0
apache/subversion
1.4.1
apache/subversion
1.4.2
apache/subversion
1.4.3
apache/subversion
1.4.4
apache/subversion
1.4.5
apache/subversion
1.4.6
apache/subversion
1.5.0
apache/subversion
1.5.1
... and 40 more
Published
Dec 07, 2013
Tracked Since
Feb 18, 2026