Improper Input Validation
CVE-2014-0032
Summary
The "get_resource" function in "repos.c" in the "mod_dav_svn" module in Apache subversion versions 1.3.0-rc1 through 1.7.14 and 1.8.0-rc1 through 1.8.5, when "SVNListParentPath" is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Advisory Timeline
- Published