{
  "threat_severity" : "Low",
  "public_date" : "2015-03-31T00:00:00Z",
  "bugzilla" : {
    "description" : "subversion: (mod_dav_svn) spoofing svn:author property values for new revisions",
    "id" : "1205140",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205140"
  },
  "cvss" : {
    "cvss_base_score" : "3.5",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-348",
  "details" : [ "The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.", "It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property." ],
  "statement" : "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
  "acknowledgement" : "Red Hat would like to thank Apache Software Foundation for reporting this issue. Upstream acknowledges Evgeny Kotkov (VisualSVN) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-08-17T00:00:00Z",
    "advisory" : "RHSA-2015:1633",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "subversion-0:1.6.11-15.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-09-08T00:00:00Z",
    "advisory" : "RHSA-2015:1742",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "subversion-0:1.7.14-7.el7_1.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "subversion",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-0251\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0251\nhttps://subversion.apache.org/security/CVE-2015-0251-advisory.txt" ],
  "name" : "CVE-2015-0251",
  "csaw" : false
}