apache subversion CVE-2020-17525 vulnerability in Apache and Other Products
Published on March 17, 2021

Remote unauthenticated denial-of-service in Subversion mod_authz_svn

product logo product logo product logo
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7

NVD

Weakness Type

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.


Products Associated with CVE-2020-17525

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-17525 are published in these products:

Apache Subversion
 
Debian Linux
 
Canonical Ubuntu Linux
 

Affected Versions

Apache Software Foundation Apache Subversion:

Exploit Probability

EPSS
11.75%
Percentile
93.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.