Vulnerability Notification: Apache Subversion mod_dav_svn Denial of Service

[Overview]

Subversion is an open source version control and software version control system that runs as a standalone server or as a module of the Apache HTTPD server. Recently, the denial of service vulnerability was fixed officially.

[Vulnerability Details]

CVE-2018-11803: The vulnerability is caused by improper dereference of an uninitialized pointer variable. A remote attacker could exploit this vulnerability by sending a recursive directory listing request. Successful exploitation could cause denial of service conditions of the target Subversion server.

Vulnerability Source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11803

[Severity]

High

[Affected Versions]

  • Apache Software Foundation Subversion 1.10.0 through 1.10.3
  • Apache Software Foundation Subversion 1.11.0

[Suggestions]

Update the official fixes to avoid being affected by the vulnerability

Official advice: http://subversion.apache.org/security/CVE-2018-11803-advisory.txt

[Hillstone Networks Solutions]

Hillstone Networks has added signatures to the IPS signature database version 2.1.276. By deploying any Hillstone Networks solution with the IPS function, Apache Subversion mod_dav_svn Denial of Service Vulnerability can be quickly detected and effectively intercepted, preventing the server from being attacked.

Threat Events Detected by Hillstone Solutions

Vulnerability Detail Description