Your submission was sent successfully! Close

CVE-2011-1921

Published: 2 June 2011

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.

Priority

Medium

Status

Package Release Status
subversion
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid
Released (1.6.6dfsg-2ubuntu1.3)
maverick
Released (1.6.12dfsg-1ubuntu1.3)
natty
Released (1.6.12dfsg-4ubuntu2.1)
upstream
Released (1.6.17)
Patches:
upstream: http://svn.apache.org/viewvc?view=revision&revision=1130303