 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.842420 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-2721-1) |
| Summary: | The remote host is missing an update for the 'subversion' package(s) announced via the USN-2721-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'subversion' package(s) announced via the USN-2721-1 advisory. Vulnerability Insight: It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580) It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8108) Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly handled large numbers of REPORT requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202) Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2015-0248) Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. A remote attacker could use this issue to spoof the svn:author property. (CVE-2015-0251) C. Michael Pilato discovered that the Subversion mod_dav_svn module incorrectly restricted anonymous access. A remote attacker could use this issue to read hidden files via the path name. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184) C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. A remote attacker could use this issue to obtain sensitive path information. (CVE-2015-3187) Affected Software/OS: 'subversion' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 15.04. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3580 http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html BugTraq ID: 71726 http://www.securityfocus.com/bid/71726 Debian Security Information: DSA-3107 (Google Search) http://www.debian.org/security/2014/dsa-3107 RedHat Security Advisories: RHSA-2015:0165 http://rhn.redhat.com/errata/RHSA-2015-0165.html RedHat Security Advisories: RHSA-2015:0166 http://rhn.redhat.com/errata/RHSA-2015-0166.html http://secunia.com/advisories/61131 http://www.ubuntu.com/usn/USN-2721-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-8108 BugTraq ID: 71725 http://www.securityfocus.com/bid/71725 Common Vulnerability Exposure (CVE) ID: CVE-2015-0202 BugTraq ID: 76446 http://www.securityfocus.com/bid/76446 https://security.gentoo.org/glsa/201610-05 http://www.mandriva.com/security/advisories?name=MDVSA-2015:192 http://www.securitytracker.com/id/1032100 SuSE Security Announcement: openSUSE-SU-2015:0672 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html Common Vulnerability Exposure (CVE) ID: CVE-2015-0248 http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html BugTraq ID: 74260 http://www.securityfocus.com/bid/74260 Debian Security Information: DSA-3231 (Google Search) http://www.debian.org/security/2015/dsa-3231 RedHat Security Advisories: RHSA-2015:1633 http://rhn.redhat.com/errata/RHSA-2015-1633.html RedHat Security Advisories: RHSA-2015:1742 http://rhn.redhat.com/errata/RHSA-2015-1742.html http://www.securitytracker.com/id/1033214 Common Vulnerability Exposure (CVE) ID: CVE-2015-0251 BugTraq ID: 74259 http://www.securityfocus.com/bid/74259 http://seclists.org/fulldisclosure/2015/Jun/32 Common Vulnerability Exposure (CVE) ID: CVE-2015-3184 http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html BugTraq ID: 76274 http://www.securityfocus.com/bid/76274 Debian Security Information: DSA-3331 (Google Search) http://www.debian.org/security/2015/dsa-3331 http://www.securitytracker.com/id/1033215 SuSE Security Announcement: openSUSE-SU-2015:1401 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html Common Vulnerability Exposure (CVE) ID: CVE-2015-3187 BugTraq ID: 76273 http://www.securityfocus.com/bid/76273 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |