CVE-2014-8108

Related Files

Ubuntu Security Notice USN-2721-1

Posted Aug 21, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2721-1 - It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2014-3580, CVE-2014-8108, CVE-2015-0202, CVE-2015-0248, CVE-2015-0251, CVE-2015-3184, CVE-2015-3187

SHA-256 | bf924d06c07de07ad62f90ddaca26ec6d2f16b7478d76f99c2a041bc556bda43

Download | Favorite | View

Apple Security Advisory 2015-03-09-4

Posted Mar 10, 2015

Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-09-4 - Xcode 6.2 is now available and addresses spoofing and validation checking issues.

tags | advisory, spoof

systems | apple

advisories | CVE-2014-3522, CVE-2014-3528, CVE-2014-3580, CVE-2014-8108, CVE-2014-9390

SHA-256 | 4a50eb3c136fe092fc8abd8396cccba8eb128f4a15cfe7c70ec4f0d941b01848

Download | Favorite | View

Red Hat Security Advisory 2015-0166-01

Posted Feb 11, 2015

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0166-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash.

tags | advisory, remote, web

systems | linux, redhat

advisories | CVE-2014-3528, CVE-2014-3580, CVE-2014-8108

SHA-256 | 14ceb39b1255e0e10f6f24ed01245c9f79aba9bce5d54637ab1fcd4c09d61d42

Download | Favorite | View

Mandriva Linux Security Advisory 2015-005

Posted Jan 6, 2015

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-005 - A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn. A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash.

tags | advisory, remote

systems | linux, mandriva

advisories | CVE-2014-3580, CVE-2014-8108

SHA-256 | d13ea010371425cf8a9fd6eb8987085bef55351cbb1da6f338800d6a56ee2ebd

Download | Favorite | View