Vulnerability Details CVE-2020-17525
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7
Exploit prediction scoring system (EPSS) score
EPSS Score 0.116
EPSS Ranking 93.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 4.3
References
Products affected by CVE-2020-17525
-
cpe:2.3:a:apache:subversion:1.10.0
-
cpe:2.3:a:apache:subversion:1.10.2
-
cpe:2.3:a:apache:subversion:1.10.3
-
cpe:2.3:a:apache:subversion:1.10.4
-
cpe:2.3:a:apache:subversion:1.10.5
-
cpe:2.3:a:apache:subversion:1.10.6
-
cpe:2.3:a:apache:subversion:1.11.0
-
cpe:2.3:a:apache:subversion:1.11.1
-
cpe:2.3:a:apache:subversion:1.12.0
-
cpe:2.3:a:apache:subversion:1.12.1
-
cpe:2.3:a:apache:subversion:1.12.2
-
cpe:2.3:a:apache:subversion:1.13.0
-
cpe:2.3:a:apache:subversion:1.14.0
-
cpe:2.3:a:apache:subversion:1.9.0
-
cpe:2.3:a:apache:subversion:1.9.1
-
cpe:2.3:a:apache:subversion:1.9.10
-
cpe:2.3:a:apache:subversion:1.9.2
-
cpe:2.3:a:apache:subversion:1.9.3
-
cpe:2.3:a:apache:subversion:1.9.4
-
cpe:2.3:a:apache:subversion:1.9.5
-
cpe:2.3:a:apache:subversion:1.9.6
-
cpe:2.3:o:debian:debian_linux:9.0