{
  "threat_severity" : "Moderate",
  "public_date" : "2019-07-31T12:00:00Z",
  "bugzilla" : {
    "description" : "subversion: remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev'",
    "id" : "1733088",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1733088"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-617",
  "details" : [ "In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server." ],
  "statement" : "An authenticated user can cause the Subversion server (svnserve) process to crash by sending a well-formed read-only request that produces a particular answer. Exploitation results in denial of service by crashing an svnserve process. The impact of this differs depending on how svnserve is launched, including the different run modes selected by options such as \"svnserve -d\", \"svnserve -T -d\", \"svnserve -t\", and \"svnserve -i\". mod_dav_svn is not affected by this flaw.",
  "acknowledgement" : "Red Hat would like to thank the Subversion project (Apache Software Foundation) for reporting this issue. Upstream acknowledges Ace Olszowka (Build Master at Computers Unlimited) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-09-29T00:00:00Z",
    "advisory" : "RHSA-2020:3972",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "subversion-0:1.7.14-16.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4712",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "subversion:1.10-8030020200519083055.9ce6d490"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "subversion",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "subversion",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-11782\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11782\nhttps://subversion.apache.org/security/CVE-2018-11782-advisory.txt" ],
  "name" : "CVE-2018-11782",
  "csaw" : false
}