CVE-2015-0202
Subversion 1.8.0-1.8.11 - Denial of Service via REPORT Requests
Title source: llmDescription
The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76446
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:192
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032100
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2721-1
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html
Vendor Advisory x_refsource_confirm
http://subversion.apache.org/security/CVE-2015-0202-advisory.txt
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201610-05
Scores
EPSS
0.0208
EPSS Percentile
84.2%
Details
CWE
CWE-399
Status
published
Products (14)
apache/subversion
1.8.0
apache/subversion
1.8.1
apache/subversion
1.8.2
apache/subversion
1.8.3
apache/subversion
1.8.4
apache/subversion
1.8.5
apache/subversion
1.8.6
apache/subversion
1.8.7
apache/subversion
1.8.8
apache/subversion
1.8.9
... and 4 more
Published
Apr 08, 2015
Tracked Since
Feb 18, 2026