First published: Wed Mar 17 2021
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Subversion | >=1.9.0, <1.10.7 | |
Apache Subversion | >=1.11.0, <1.14.1 | |
Debian Debian Linux | =9.0 | |
The vulnerability ID for this issue is CVE-2020-17525.
The severity of CVE-2020-17525 is high with a CVSS score of 7.5.
CVE-2020-17525 affects Apache Subversion versions from 1.9.0 up to, but not including, 1.10.7, and versions from 1.11.0 up to, but not including, 1.14.1.
The impact of CVE-2020-17525 is that Subversion's mod_authz_svn module may crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL, leading to disruption for users of the service.
To fix CVE-2020-17525, users should upgrade to a version of Apache Subversion that is not affected by this vulnerability. The issue was fixed in 1.10.7 and 1.14.1.
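
An exposure check for a single server, added here as an example (not code from this page or from the Apache Subversion project): it combines the affected version ranges in the table above with a scan of the httpd configuration for an active AuthzSVNReposRelativeAccessFile directive. The function names and the sample configuration are constructed for illustration; the check is conservative, flagging any active use of the directive without distinguishing in-repository rules from other values.

```python
import re

# Affected ranges from the table on this page, as [first affected, first fixed).
AFFECTED = [((1, 9, 0), (1, 10, 7)), ((1, 11, 0), (1, 14, 1))]

# Apache directive names are case-insensitive.
DIRECTIVE = re.compile(r"^\s*AuthzSVNReposRelativeAccessFile\s+(\S.*?)\s*$",
                       re.IGNORECASE)

def parse_version(text):
    """Turn '1.10.6' or '1.14.0 (r123)' into a (major, minor, patch) tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def version_affected(text):
    """True if the version falls inside one of the affected ranges."""
    v = parse_version(text)
    return any(low <= v < fixed for low, fixed in AFFECTED)

def relative_access_files(httpd_conf):
    """Return (line_number, value) for each active directive; comments are skipped."""
    hits = []
    for n, line in enumerate(httpd_conf.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if m:
            hits.append((n, m.group(1).strip('"')))
    return hits

def exposed(version_text, httpd_conf):
    """Affected version AND the directive in use: both conditions from the advisory."""
    return version_affected(version_text) and bool(relative_access_files(httpd_conf))

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = """\
<Location /svn>
  DAV svn
  SVNParentPath /srv/svn
  # AuthzSVNAccessFile /etc/svn/authz
  AuthzSVNReposRelativeAccessFile ^/authz
</Location>
"""

if __name__ == "__main__":
    for ver in ("1.9.12", "1.10.7", "1.14.0", "1.14.1"):
        print(ver, "exposed" if exposed(ver, SAMPLE_CONF) else "not exposed")
```

Distribution packages may carry backported fixes under an older version number, so a positive result on a packaged build should be confirmed against the distribution's own advisory.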