NVD Vulnerability Detail

CVE-2011-1783

Summary	The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
Publication Date	June 7, 2011, 4:55 a.m.
Registration Date	Jan. 28, 2021, 4:38 p.m.
Last Update	Nov. 21, 2024, 10:27 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:subversion::::::::	1.6.0			1.6.17
cpe:2.3:a:apache:subversion::::::::	1.5.0	1.5.8

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:5.0:::::::*
cpe:2.3:o:debian:debian_linux:6.0:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:15:::::::*
cpe:2.3:o:fedoraproject:fedora:14:::::::*

Configuration5		or higher	or less	more than	less than
cpe:2.3:o:apple:mac_os_x::::::::					10.7.3

Related information, measures and tools

No	URL	タグ
1	http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html	Mailing List Third Party Advisory
2	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html	Third Party Advisory
3	http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html	Third Party Advisory
4	http://secunia.com/advisories/44633	Third Party Advisory
5	http://secunia.com/advisories/44681	Third Party Advisory
6	http://secunia.com/advisories/44849	Third Party Advisory
7	http://secunia.com/advisories/44888	Third Party Advisory
8	http://secunia.com/advisories/45162	Third Party Advisory
9	http://subversion.apache.org/security/CVE-2011-1783-advisory.txt	Vendor Advisory
10	http://support.apple.com/kb/HT5130	Third Party Advisory
11	http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES	Release Notes Vendor Advisory
12	http://www.debian.org/security/2011/dsa-2251	Third Party Advisory
13	http://www.mandriva.com/security/advisories?name=MDVSA-2011:106	Third Party Advisory
14	http://www.redhat.com/support/errata/RHSA-2011-0862.html	Third Party Advisory
15	http://www.securityfocus.com/bid/48091	Third Party Advisory VDB Entry
16	http://www.securitytracker.com/id?1025618	Third Party Advisory VDB Entry
17	http://www.ubuntu.com/usn/USN-1144-1	Third Party Advisory
18	https://bugzilla.redhat.com/show_bug.cgi?id=709112	Issue Tracking Third Party Advisory
19	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18889	Third Party Advisory
20	http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html	Mailing List Third Party Advisory
21	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18889	Third Party Advisory
22	https://bugzilla.redhat.com/show_bug.cgi?id=709112	Issue Tracking Third Party Advisory
23	http://www.ubuntu.com/usn/USN-1144-1	Third Party Advisory
24	http://www.securitytracker.com/id?1025618	Third Party Advisory VDB Entry
25	http://www.securityfocus.com/bid/48091	Third Party Advisory VDB Entry
26	http://www.redhat.com/support/errata/RHSA-2011-0862.html	Third Party Advisory
27	http://www.mandriva.com/security/advisories?name=MDVSA-2011:106	Third Party Advisory
28	http://www.debian.org/security/2011/dsa-2251	Third Party Advisory
29	http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES	Release Notes Vendor Advisory
30	http://support.apple.com/kb/HT5130	Third Party Advisory
31	http://subversion.apache.org/security/CVE-2011-1783-advisory.txt	Vendor Advisory
32	http://secunia.com/advisories/45162	Third Party Advisory
33	http://secunia.com/advisories/44888	Third Party Advisory
34	http://secunia.com/advisories/44849	Third Party Advisory
35	http://secunia.com/advisories/44681	Third Party Advisory
36	http://secunia.com/advisories/44633	Third Party Advisory
37	http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html	Third Party Advisory
38	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html	Third Party Advisory

Common Vulnerabilities List

JVN Vulnerability Information

Apache Subversion で利用される Apache HTTP Server におけるサービス運用妨害 (DoS) の脆弱性

Title	Apache Subversion で利用される Apache HTTP Server におけるサービス運用妨害 (DoS) の脆弱性
Summary	Apache Subversion で利用される Apache HTTP Server の mod_dav_svn モジュールには、SVNPathAuthz short_circuit オプションが有効なとき、サービス運用妨害（無限ループ、およびメモリ消費) 状態となる脆弱性が存在します。
Possible impacts	第三者により、データ要求の状況により、サービス運用妨害（無限ループ、およびメモリ消費) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 6, 2011, midnight
Registration Date	June 21, 2011, 7:57 a.m.
Last Update	July 21, 2011, 9:56 a.m.

Affected System

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 6

Red Hat Enterprise Linux EUS 5.6.z (server)

Red Hat Enterprise Linux HPC Node 6

Red Hat Enterprise Linux Long Life (v. 5.6 server)

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Server EUS 6.1.z

Red Hat Enterprise Linux Workstation 6

RHEL Desktop Workstation 5 (client)

Apache Software Foundation

Apache Subversion 1.6.17 未満

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-1783	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1783
National Vulnerability Database (NVD)
2	CVE-2011-1783	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1783
Subversion
3	CVE-2011-1783-advisory	http://subversion.apache.org/security/CVE-2011-1783-advisory.txt

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

ベンダー情報

No	Name	URL
Asianux Technical Support Network
1	subversion-1.6.11-7.AXS3.4	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1454
Red Hat Security Advisory
2	RHSA-2011:0862	https://rhn.redhat.com/errata/RHSA-2011-0862.html
Subversion
3	Subversion 1.6.17 Released	http://svn.haxx.se/dev/archive-2011-06/0030.shtml

その他

No	Name	URL
Secunia Advisory
1	SA44681	http://secunia.com/advisories/44681
SecurityFocus
2	48091	http://www.securityfocus.com/bid/48091
SecurityTracker
3	1025618	http://www.securitytracker.com/id/1025618

Change Log

No	Changed Details	Date of change
0	[2011年06月21日] 掲載 [2011年07月21日] 影響を受けるシステム：ミラクル・リナックス (subversion-1.6.11-7.AXS3.4) の情報を追加ベンダ情報：ミラクル・リナックス (subversion-1.6.11-7.AXS3.4) を追加	Feb. 17, 2018, 10:37 a.m.