Subversion is an open source version control and software version control system that runs as a standalone server or as a module of the Apache HTTPD server. Recently, the denial of service vulnerability was fixed officially.
CVE-2018-11803: The vulnerability is caused by improper dereference of an uninitialized pointer variable. A remote attacker could exploit this vulnerability by sending a recursive directory listing request. Successful exploitation could cause denial of service conditions of the target Subversion server.
Vulnerability Source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11803
- Apache Software Foundation Subversion 1.10.0 through 1.10.3
- Apache Software Foundation Subversion 1.11.0
Update the official fixes to avoid being affected by the vulnerability
Official advice: http://subversion.apache.org/security/CVE-2018-11803-advisory.txt
[Hillstone Networks Solutions]
Hillstone Networks has added signatures to the IPS signature database version 2.1.276. By deploying any Hillstone Networks solution with the IPS function, Apache Subversion mod_dav_svn Denial of Service Vulnerability can be quickly detected and effectively intercepted, preventing the server from being attacked.
Threat Events Detected by Hillstone Solutions
Vulnerability Detail Description