Signature Detail

HTTP: Apache Subversion mod_dav_svn Integer Overflow

This signature detects attempts to exploit Heap overflow vulnerability in the mod_dav_svn of Apache Subversion web servers. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Extended Description

Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.

Affected Products

• Apache subversion 1.7.0
• Apache subversion 1.7.1
• Apache subversion 1.7.10
• Apache subversion 1.7.11
• Apache subversion 1.7.12
• Apache subversion 1.7.13
• Apache subversion 1.7.14
• Apache subversion 1.7.15
• Apache subversion 1.7.16
• Apache subversion 1.7.17
• Apache subversion 1.7.18
• Apache subversion 1.7.19
• Apache subversion 1.7.2
• Apache subversion 1.7.20
• Apache subversion 1.7.3
• Apache subversion 1.7.4
• Apache subversion 1.7.5
• Apache subversion 1.7.6
• Apache subversion 1.7.7
• Apache subversion 1.7.8
• Apache subversion 1.7.9
• Apache subversion 1.8.0
• Apache subversion 1.8.1
• Apache subversion 1.8.10
• Apache subversion 1.8.11
• Apache subversion 1.8.12
• Apache subversion 1.8.13
• Apache subversion 1.8.14
• Apache subversion 1.8.2
• Apache subversion 1.8.3
• Apache subversion 1.8.4
• Apache subversion 1.8.5
• Apache subversion 1.8.6
• Apache subversion 1.8.7
• Apache subversion 1.8.8
• Apache subversion 1.8.9
• Apache subversion 1.9.0
• Apache subversion 1.9.1
• Apache subversion 1.9.2
• Debian debian_linux 8.0

References

• CVE: CVE-2015-5343