CVE-2011-1752

Summary

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.

Impact & exploitability

AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected products we track (2)

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

• NVD record
• http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.htmlAdvisory
• http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.htmlAdvisory
• http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.htmlAdvisory
• http://secunia.com/advisories/44633Advisory
• http://secunia.com/advisories/44681Advisory
• http://secunia.com/advisories/44849Advisory
• http://secunia.com/advisories/44879Advisory
• http://secunia.com/advisories/44888Advisory