Activity log for bug #1915698

Date Who What changed Old value New value Message
2021-02-15 10:25:13 it0001 bug added bug
2021-02-15 10:27:32 it0001 cve linked 2020-17525
2021-02-15 10:30:07 it0001 description
Old value:
  An error in the mod_authz_svn module can be exploited to trigger a NULL pointer dereference and subsequently cause a crash via a specially crafted request. Successful exploitation of this vulnerability requires the Apache HTTPD server to be configured to use an in-repository authz file with certain configuration directives (please see the vendor's advisory for further details). The vulnerability is reported in versions 1.9.0 through 1.10.6 and 1.11.0 through 1.14.0.
  Affected Software
  The following software is affected by the described vulnerability. Please check the vendor links below to see if exactly your version is affected.
  Apache Subversion 1.x
  Please note: If the affected software is not installed on your device / client / server or if the software is CI-managed, no further action is required by you.
  Solution
  Update to version 1.14.1 or 1.10.7.
  References
  1. https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
  Please take appropriate measures.
New value:
  An error in the mod_authz_svn module can be exploited to trigger a NULL pointer dereference and subsequently cause a crash via a specially crafted request. Successful exploitation of this vulnerability requires the Apache HTTPD server to be configured to use an in-repository authz file with certain configuration directives (please see the vendor's advisory for further details). The vulnerability is reported in versions 1.9.0 through 1.10.6 and 1.11.0 through 1.14.0.
  Affected Software
  The following software is affected by the described vulnerability. Please check the vendor links below to see if exactly your version is affected.
  Apache Subversion 1.x
  Solution
  Update to version 1.14.1 or 1.10.7.
  References
  1. https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
  Please take appropriate measures.
2021-02-18 01:59:40 Seth Arnold information type Private Security Public Security
2021-02-18 01:59:47 Seth Arnold subversion (Ubuntu): status New Confirmed