{
  "threat_severity" : "Moderate",
  "public_date" : "2015-03-31T00:00:00Z",
  "bugzilla" : {
    "description" : "subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers",
    "id" : "1205138",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205138"
  },
  "cvss" : {
    "cvss_base_score" : "5.0",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-617",
  "details" : [ "The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.", "An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash." ],
  "statement" : "Red Hat Enterprise Linux 5 is now in the Production 3 Phase of the support and maintenance life cycle. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
  "acknowledgement" : "Red Hat would like to thank the Apache Software Foundation for reporting this issue. Upstream acknowledges Evgeny Kotkov (VisualSVN) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-08-17T00:00:00Z",
    "advisory" : "RHSA-2015:1633",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "subversion-0:1.6.11-15.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-09-08T00:00:00Z",
    "advisory" : "RHSA-2015:1742",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "subversion-0:1.7.14-7.ael7b_1.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "subversion",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-0248\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0248\nhttps://subversion.apache.org/security/CVE-2015-0248-advisory.txt" ],
  "name" : "CVE-2015-0248",
  "csaw" : false
}