VYPR

Mod Dav Svn

by Apache

Source repositories

CVEs (6)

  • CVE-2026-29169HigMay 4, 2026
    risk 0.42cvss 7.5epss 0.01

    A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from…

  • CVE-2016-6312MedJul 17, 2017
    risk 0.42cvss 6.5epss 0.02

    The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of…

  • CVE-2018-11803Feb 5, 2019
    risk 0.01cvss epss 0.58

    Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.

  • CVE-2015-0202Apr 8, 2015
    risk 0.01cvss epss 0.08

    The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.

  • CVE-2013-1846May 2, 2013
    risk 0.01cvss epss 0.07

    The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.

  • CVE-2013-4558Dec 7, 2013
    risk 0.00cvss epss 0.06

    The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion…