CVE-2013-4558
mod_dav_svn 1.7.11-1.7.13 and 1.8.1-1.8.4 - Denial of Service via Non-Canonical URL
The get_parent_resource function in repos.c in the mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and with SVNAutoversioning enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.
References (7)
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1033431
Patch, Vendor Advisory x_refsource_confirm
http://subversion.apache.org/security/CVE-2013-4558-advisory.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/100363
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html
Scores
EPSS
0.0178
EPSS Percentile
83.0%
Details
CWE
CWE-20
Status
published
Products (8)
apache/mod_dav_svn
apache/subversion
1.7.11
apache/subversion
1.7.12
apache/subversion
1.7.13
apache/subversion
1.8.1
apache/subversion
1.8.2
apache/subversion
1.8.3
apache/subversion
1.8.4
Published
Dec 07, 2013
Tracked Since
Feb 18, 2026