CVE-2011-1921

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-1921
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html
http://secunia.com/advisories/44633 Vendor Advisory
http://secunia.com/advisories/44681 Vendor Advisory
http://secunia.com/advisories/44849
http://secunia.com/advisories/44888
http://secunia.com/advisories/45162
http://subversion.apache.org/security/CVE-2011-1921-advisory.txt Vendor Advisory
http://support.apple.com/kb/HT5130
http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES
http://www.debian.org/security/2011/dsa-2251
http://www.mandriva.com/security/advisories?name=MDVSA-2011:106
http://www.redhat.com/support/errata/RHSA-2011-0862.html
http://www.securityfocus.com/bid/48091
http://www.securitytracker.com/id?1025619
http://www.ubuntu.com/usn/USN-1144-1
https://bugzilla.redhat.com/show_bug.cgi?id=709114
https://exchange.xforce.ibmcloud.com/vulnerabilities/67804
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18999
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html
http://secunia.com/advisories/44633 Vendor Advisory
http://secunia.com/advisories/44681 Vendor Advisory
http://secunia.com/advisories/44849
http://secunia.com/advisories/44888
http://secunia.com/advisories/45162
http://subversion.apache.org/security/CVE-2011-1921-advisory.txt Vendor Advisory
http://support.apple.com/kb/HT5130
http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES
http://www.debian.org/security/2011/dsa-2251
http://www.mandriva.com/security/advisories?name=MDVSA-2011:106
http://www.redhat.com/support/errata/RHSA-2011-0862.html
http://www.securityfocus.com/bid/48091
http://www.securitytracker.com/id?1025619
http://www.ubuntu.com/usn/USN-1144-1
https://bugzilla.redhat.com/show_bug.cgi?id=709114
https://exchange.xforce.ibmcloud.com/vulnerabilities/67804
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18999
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*
History

21 Nov 2024, 01:27

Type Values Removed Values Added
References () http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html - () http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html - () http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html - () http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html -
References () http://secunia.com/advisories/44633 - Vendor Advisory () http://secunia.com/advisories/44633 - Vendor Advisory
References () http://secunia.com/advisories/44681 - Vendor Advisory () http://secunia.com/advisories/44681 - Vendor Advisory
References () http://secunia.com/advisories/44849 - () http://secunia.com/advisories/44849 -
References () http://secunia.com/advisories/44888 - () http://secunia.com/advisories/44888 -
References () http://secunia.com/advisories/45162 - () http://secunia.com/advisories/45162 -
References () http://subversion.apache.org/security/CVE-2011-1921-advisory.txt - Vendor Advisory () http://subversion.apache.org/security/CVE-2011-1921-advisory.txt - Vendor Advisory
References () http://support.apple.com/kb/HT5130 - () http://support.apple.com/kb/HT5130 -
References () http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES - () http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES -
References () http://www.debian.org/security/2011/dsa-2251 - () http://www.debian.org/security/2011/dsa-2251 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:106 - () http://www.mandriva.com/security/advisories?name=MDVSA-2011:106 -
References () http://www.redhat.com/support/errata/RHSA-2011-0862.html - () http://www.redhat.com/support/errata/RHSA-2011-0862.html -
References () http://www.securityfocus.com/bid/48091 - () http://www.securityfocus.com/bid/48091 -
References () http://www.securitytracker.com/id?1025619 - () http://www.securitytracker.com/id?1025619 -
References () http://www.ubuntu.com/usn/USN-1144-1 - () http://www.ubuntu.com/usn/USN-1144-1 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=709114 - () https://bugzilla.redhat.com/show_bug.cgi?id=709114 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/67804 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/67804 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18999 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18999 -
Information

Published : 2011-06-06 19:55

Updated : 2024-11-21 01:27

NVD link : CVE-2011-1921

Mitre link : CVE-2011-1921

CVE.ORG link : CVE-2011-1921

JSON object : View

Products Affected

apache

  • subversion
CWE
CWE-264

Permissions, Privileges, and Access Controls


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024