CVE-2015-0251

CVE information

Published

7 years ago

Last Modified

3 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

Description

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences..

CVSSv2.0 Score

Severity
Medium
Base Score
4/10
Exploit Score
8/10
Access Vector
Network
Access Complexity
Low
Authentication Required
Single
Impact Score
2.9/10
Confidentiality Impact
None
Availability Impact
None
Integrity Impact
Partial

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:subversion:1.8.11:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*
  Yes
- -
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:
  Yes
- -
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*
  Yes
- -

Get started for free to scan for vulnerabilities

Companies of all sizes use Mageni Vulnerability Scanner. Is free for 7-days then $39 monthly regardless of how many IPs, scans, deployments or users you have. Cancel at Anytime and 7-days Money-Back Guarantee. Mageni contributes 1% of your subscription to removing CO₂ from the atmosphere.

Get Started For Free
App screenshot