Vulnerability CVE-2011-1921: Information

Description

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.

Severity: MEDIUM (4.3)

URL: https://nvd.nist.gov/vuln/detail/CVE-2011-1921
Published: June 6, 2011
Modified: Sept. 19, 2017
Error type identifier: CWE-264

References to Advisories, Solutions, and Tools

Hyperlink
Resource
48091
    44681
    • Vendor Advisory
    44633
    • Vendor Advisory
    DSA-2251
      https://bugzilla.redhat.com/show_bug.cgi?id=709114
        http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES
          http://subversion.apache.org/security/CVE-2011-1921-advisory.txt
          • Vendor Advisory
          MDVSA-2011:106
            1025619
              RHSA-2011:0862
                FEDORA-2011-8352
                  USN-1144-1
                    44888
                      44849
                        45162
                          FEDORA-2011-8341
                            http://support.apple.com/kb/HT5130
                              APPLE-SA-2012-02-01-1
                                subversion-control-rules-info-disc(67804)
                                  oval:org.mitre.oval:def:18999

                                      1. Configuration 1

                                        cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*

                                        Configuration 2

                                        cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
                                        cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
                                    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                                    Version: v24.4.2
                                    Back to top