CVE-2014-8108 - Vulnerability Details

CVE-2014-8108 - subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Subversion
Apple	Xcode
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server Enterprise Linux Workstation

Configuration 1 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:apache:subversion:1.0.0:::::::*
	cpe:2.3:a:apache:subversion:1.0.1:::::::*
	cpe:2.3:a:apache:subversion:1.0.2:::::::*
	cpe:2.3:a:apache:subversion:1.0.3:::::::*
	cpe:2.3:a:apache:subversion:1.0.4:::::::*
	cpe:2.3:a:apache:subversion:1.0.5:::::::*
	cpe:2.3:a:apache:subversion:1.0.6:::::::*
	cpe:2.3:a:apache:subversion:1.0.7:::::::*
	cpe:2.3:a:apache:subversion:1.0.8:::::::*
	cpe:2.3:a:apache:subversion:1.0.9:::::::*
	cpe:2.3:a:apache:subversion:1.1.0:::::::*
	cpe:2.3:a:apache:subversion:1.1.1:::::::*
	cpe:2.3:a:apache:subversion:1.1.2:::::::*
	cpe:2.3:a:apache:subversion:1.1.3:::::::*
	cpe:2.3:a:apache:subversion:1.1.4:::::::*
	cpe:2.3:a:apache:subversion:1.2.0:::::::*
	cpe:2.3:a:apache:subversion:1.2.1:::::::*
	cpe:2.3:a:apache:subversion:1.2.2:::::::*
	cpe:2.3:a:apache:subversion:1.2.3:::::::*
	cpe:2.3:a:apache:subversion:1.3.0:::::::*
	cpe:2.3:a:apache:subversion:1.3.1:::::::*
	cpe:2.3:a:apache:subversion:1.3.2:::::::*
	cpe:2.3:a:apache:subversion:1.4.0:::::::*
	cpe:2.3:a:apache:subversion:1.4.1:::::::*
	cpe:2.3:a:apache:subversion:1.4.2:::::::*
	cpe:2.3:a:apache:subversion:1.4.3:::::::*
	cpe:2.3:a:apache:subversion:1.4.4:::::::*
	cpe:2.3:a:apache:subversion:1.4.5:::::::*
	cpe:2.3:a:apache:subversion:1.4.6:::::::*
	cpe:2.3:a:apache:subversion:1.5.0:::::::*
	cpe:2.3:a:apache:subversion:1.5.1:::::::*
	cpe:2.3:a:apache:subversion:1.5.2:::::::*
	cpe:2.3:a:apache:subversion:1.5.3:::::::*
	cpe:2.3:a:apache:subversion:1.5.4:::::::*
	cpe:2.3:a:apache:subversion:1.5.5:::::::*
	cpe:2.3:a:apache:subversion:1.5.6:::::::*
	cpe:2.3:a:apache:subversion:1.5.7:::::::*
	cpe:2.3:a:apache:subversion:1.5.8:::::::*
	cpe:2.3:a:apache:subversion:1.6.0:::::::*
	cpe:2.3:a:apache:subversion:1.6.1:::::::*
	cpe:2.3:a:apache:subversion:1.6.2:::::::*
	cpe:2.3:a:apache:subversion:1.6.3:::::::*
	cpe:2.3:a:apache:subversion:1.6.4:::::::*
	cpe:2.3:a:apache:subversion:1.6.5:::::::*
	cpe:2.3:a:apache:subversion:1.6.6:::::::*
	cpe:2.3:a:apache:subversion:1.6.7:::::::*
	cpe:2.3:a:apache:subversion:1.6.8:::::::*
	cpe:2.3:a:apache:subversion:1.6.9:::::::*
	cpe:2.3:a:apache:subversion:1.6.10:::::::*
	cpe:2.3:a:apache:subversion:1.6.11:::::::*
	cpe:2.3:a:apache:subversion:1.6.12:::::::*
	cpe:2.3:a:apache:subversion:1.6.13:::::::*
	cpe:2.3:a:apache:subversion:1.6.14:::::::*
	cpe:2.3:a:apache:subversion:1.6.15:::::::*
	cpe:2.3:a:apache:subversion:1.6.16:::::::*
	cpe:2.3:a:apache:subversion:1.6.17:::::::*
	cpe:2.3:a:apache:subversion:1.6.18:::::::*
	cpe:2.3:a:apache:subversion:1.6.19:::::::*
	cpe:2.3:a:apache:subversion:1.6.20:::::::*
	cpe:2.3:a:apache:subversion:1.6.21:::::::*
	cpe:2.3:a:apache:subversion:1.6.23:::::::*
	cpe:2.3:a:apache:subversion:1.7.0:::::::*
	cpe:2.3:a:apache:subversion:1.7.1:::::::*
	cpe:2.3:a:apache:subversion:1.7.2:::::::*
cpe:2.3:a:apache:subversion:1.7.3:::::::*
cpe:2.3:a:apache:subversion:1.7.4:::::::*
cpe:2.3:a:apache:subversion:1.7.5:::::::*
cpe:2.3:a:apache:subversion:1.7.6:::::::*
cpe:2.3:a:apache:subversion:1.7.7:::::::*
cpe:2.3:a:apache:subversion:1.7.8:::::::*
cpe:2.3:a:apache:subversion:1.7.9:::::::*
cpe:2.3:a:apache:subversion:1.7.10:::::::*
cpe:2.3:a:apache:subversion:1.7.11:::::::*
cpe:2.3:a:apache:subversion:1.7.12:::::::*
cpe:2.3:a:apache:subversion:1.7.13:::::::*
cpe:2.3:a:apache:subversion:1.7.14:::::::*
cpe:2.3:a:apache:subversion:1.7.15:::::::*
cpe:2.3:a:apache:subversion:1.7.16:::::::*
cpe:2.3:a:apache:subversion:1.7.17:::::::*
cpe:2.3:a:apache:subversion:1.7.18:::::::*
cpe:2.3:a:apache:subversion:1.7.19:::::::*
cpe:2.3:a:apache:subversion:1.8.0:::::::*
cpe:2.3:a:apache:subversion:1.8.1:::::::*
cpe:2.3:a:apache:subversion:1.8.2:::::::*
cpe:2.3:a:apache:subversion:1.8.3:::::::*
cpe:2.3:a:apache:subversion:1.8.4:::::::*
cpe:2.3:a:apache:subversion:1.8.5:::::::*
cpe:2.3:a:apache:subversion:1.8.6:::::::*
cpe:2.3:a:apache:subversion:1.8.7:::::::*
cpe:2.3:a:apache:subversion:1.8.8:::::::*
cpe:2.3:a:apache:subversion:1.8.10:::::::*

Configuration 3 [-]

cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
subversion-0:1.7.14-7.el7_0	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:0166	2015-02-10T00:00:00Z

References

Link	Providers
http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
http://rhn.redhat.com/errata/RHSA-2015-0166.html
http://secunia.com/advisories/61131
http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
http://www.securityfocus.com/bid/71725
http://www.ubuntu.com/usn/USN-2721-1
https://nvd.nist.gov/vuln/detail/CVE-2014-8108
https://support.apple.com/HT204427
https://www.cve.org/CVERecord?id=CVE-2014-8108

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-12-18T15:00:00

Updated: 2024-08-06T13:10:50.164Z

Reserved: 2014-10-10T00:00:00

Link: CVE-2014-8108

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-12-18T15:59:01.350

Modified: 2024-11-21T02:18:34.343

Link: CVE-2014-8108

Redhat

Severity : Moderate

Publid Date: 2014-12-15T00:00:00Z

Links: CVE-2014-8108 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-17T00:00:00", "descriptions": [{"lang": "en", "value": "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-30T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt"}, {"name": "RHSA-2015:0166", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT204427"}, {"name": "71725", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71725"}, {"name": "APPLE-SA-2015-03-09-4", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"}, {"name": "61131", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61131"}, {"name": "USN-2721-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2721-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8108", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt", "refsource": "CONFIRM", "url": "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt"}, {"name": "RHSA-2015:0166", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"}, {"name": "https://support.apple.com/HT204427", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204427"}, {"name": "71725", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71725"}, {"name": "APPLE-SA-2015-03-09-4", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"}, {"name": "61131", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61131"}, {"name": "USN-2721-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2721-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:10:50.164Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt"}, {"name": "RHSA-2015:0166", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT204427"}, {"name": "71725", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71725"}, {"name": "APPLE-SA-2015-03-09-4", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"}, {"name": "61131", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61131"}, {"name": "USN-2721-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2721-1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8108", "datePublished": "2014-12-18T15:00:00", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2024-08-06T13:10:50.164Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D75936BB-5BE4-4B8C-B2A0-2BE13B713AE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BFCE3B89-46A6-4D1F-AFB3-FCB6C3B66245", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E4DFB08D-01C2-4D95-8EB2-81F5C27AC656", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3625A8E-A326-4DCE-9CFB-B0E38FC54B6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "106C86D0-84D9-4F44-821F-FD0D49EB32E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "156DD5C1-C2C3-4AD7-B432-79CC3EC32B63", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "75551DEC-A2BE-453D-9ABA-B3041A2607C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CB5A2F0A-E06E-40C6-98C1-4343AA9C2EFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0FC70E13-59B6-4A75-9AF0-D38CCAB2D117", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8316A374-3E3E-4FBA-AB57-9244812C8E2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EB42901-B207-4B41-B09C-91153A19C7D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E3DA7ADC-6A81-4250-B6E1-4E4425156941", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "83D766B5-5F07-44F1-A488-127D18510989", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2C8479EC-930C-47DB-9A02-E7B2F9101E5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D1D47331-B23A-4A6E-8F14-74628F0E1846", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9E2C35C-FEBA-4525-8A38-9C170B34FA07", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A098CEF5-04BE-48C0-8414-AFC9D03771E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C39739A0-8C23-4167-B63D-1000F9D3B684", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0FD13E19-4B9C-4DBD-9339-7BFE5377689F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "35C2CFEF-2F6D-4F9A-9DDF-4CC6448BADC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D04C072-7D90-428F-A226-BAD0105D22B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "856959BA-9945-4AA8-95D3-B3752C0D895D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "13109084-931E-4565-BEE5-794B83E6978D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4ED3EA46-88F7-438D-B8FC-D6C5E1C8984C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "726B9C10-ACD5-41C2-A552-FD0046A75966", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "87D72A75-EDB9-4AD1-B6FC-8A918804DE0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B55A7A26-C994-4956-BBE7-BF3A51971295", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "FB9E26AB-915A-477F-BA5C-10965A7098F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "DFD49A9B-16A7-4362-8D62-6EB5ECBE4296", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B0CB798-F4ED-44E5-9B15-B7009EAC6303", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC3F6E5C-CF55-4CEB-A5B6-D49E0234FF3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "C2C1DD29-88D2-49DE-9B77-D925A4B9EB7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "67130DAF-AE81-43D2-A208-58A53746A7E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB9F8426-38CB-46B4-B0D0-8D16B48DD53F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "90631FFA-9AB2-483D-B162-31A47428D280", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "8BD5A981-3FDD-4E74-8EB2-5F324246FFF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "88F4E8C9-671B-4DA3-9D0D-98539D8D4FE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "341F900B-5179-4CB4-9F41-91B58B29C414", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F34F463-6350-4F48-B037-856DDBB1A4FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B2C813BA-B8F9-446B-A07F-B51F26815578", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3DF4080D-0D95-429E-88AA-1051A5520C01", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "CF50F098-A055-4B79-AC35-6BD6F32D70F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "540461D4-87F4-42AB-ADDC-C7A067FE2893", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3E676744-C623-4894-8764-43588E56D2FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "669735D1-1C14-4CD7-AA7C-AD2CA63A1979", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "D4C568FD-54BC-4506-AF60-BFE7CE14D0F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "D5F71F24-D909-49D9-8B4F-FA757FDF1C25", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "034D1C36-B73E-443E-A6B4-44CC6E7BC043", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "6D373245-8384-45E4-BE2E-E0518BD7F84F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "EED44413-D313-4588-9A4B-25F79D0925A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "C193EB08-BBC2-43A2-B11A-9C7E2098862D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "022A5BCE-A1DC-48E2-829D-AD9261562095", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "155F83A1-A04A-48C0-A801-B38F129F310F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "302DC06D-5FB1-4EF9-B5E1-6407B88D65FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "27A15D05-29BA-4CCC-9348-A516E1E2C079", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "2004B474-9869-445D-957D-20EF254FB461", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "8F91A5E0-0DD8-47DD-B52E-A15E8064945F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*", "matchCriteriaId": "9C34BE8D-6DFF-4E57-971C-8CCEF13E6500", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "2CDBC5BA-6A3C-4DB9-BE16-83A4EB85100C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*", "matchCriteriaId": "DF1B4950-4D56-47A2-BCE8-FB3714EA1B2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*", "matchCriteriaId": "3194C6CE-3E8A-4861-AED1-942824974AE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "8D102460-B5D5-46C4-8021-7C3510A5FCF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "92265E60-7BBF-4E8E-A438-4132D8FD57BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "346DE008-472F-47E1-8B96-F968C7D0A003", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C9BDB22-29E0-48A3-8765-FAC6A3442A35", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA5EB3A7-DE33-42CB-9B5E-646B9D4FFBFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "F63AB9E5-FD99-40A8-B24F-623BDDBCA427", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "0CEA6C3E-C41B-4EF9-84E1-72BC6B72D1C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "B0B873C1-E7D6-4E55-A5A7-85000B686071", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "87D2E8DD-4225-476A-AF17-7621C9A28391", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "40D913E2-0FBD-4F6C-8A21-43A0681237BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "4B869CEB-7637-48C3-8A4C-171CFB766B97", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "75CF5BC1-7071-48A3-86A9-C843485CAED5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "9EB23250-EBD2-4A5F-BF5E-1DAE1A64EF0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "200DB058-C9F0-4983-AF99-EBB8FC2E7875", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "57697AAD-5264-4C05-89E4-0228DEF2E9DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "24295270-DCBF-4FF3-88F7-E9A30B6388E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "22E754F2-5D3D-437E-BB15-693D2EB58DA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "CF4232D2-1F70-4A06-BD11-A0DFE6CE0744", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "A3256F8C-2CA8-43B5-96E5-794113FF531B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "593F15F7-E610-458B-B094-BF6AC53B719A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC0E7811-3B60-46E7-943C-E0E7ED00FB01", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A57A3347-6C48-4803-AB4E-A4BC0E6BFA41", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "50D26799-D038-470A-A468-58DBDB64A7E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "D3769BD6-B104-4F74-B8C4-89398A8894FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "9757DD5E-42A6-44B8-9692-49690F60C8D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B5A014-D4EE-4244-AABA-0873492F7295", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "CD9F8C2A-A94E-4D99-839B-47AAE8754191", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "69D29A9E-DB23-4D86-B4A3-3C4F663416AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D86AEE89-9F8E-43A5-A888-F421B10DB2C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "D4EF7D71-3AAF-4112-831A-3538C5B82594", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "81EE9433-C21F-4902-B37E-CF4FC1132B72", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist."}, {"lang": "es", "value": "El m\u00f3dulo mod_dav del servidor Apache HTTPD en Apache Subversion 1.7.x anterior a 1.7.19 y 1.8.x anterior a 1.8.11 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda) a trav\u00e9s de una petici\u00f3n a una URI que dispara una b\u00fasqueda para un nombre de transacci\u00f3n virtual que no existe."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", "id": "CVE-2014-8108", "lastModified": "2024-11-21T02:18:34.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-18T15:59:01.350", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61131"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/71725"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2721-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/HT204427"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61131"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71725"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2721-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/HT204427"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Subversion project for reporting this issue. Upstream acknowledges Evgeny Kotkov (VisualSVN) as the original reporter.", "affected_release": [{"advisory": "RHSA-2015:0166", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "subversion-0:1.7.14-7.el7_0", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-02-10T00:00:00Z"}], "bugzilla": {"description": "subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names", "id": "1174057", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174057"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-476", "details": ["The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.", "A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash."], "name": "CVE-2014-8108", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "subversion", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "subversion", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2014-12-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-8108\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8108\nhttp://subversion.apache.org/security/CVE-2014-8108-advisory.txt"], "statement": "This issue did not affect the versions of subversion as shipped with Red Hat Enterprise Linux 5 and 6.", "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object