Vulnerability Key Information

Affected Versions

- Subversion HTTPD servers <= 1.6.20
- Subversion HTTPD servers 1.7.0 through 1.7.8 (inclusive)

Fixed Versions

- Subversion 1.6.21
- Subversion 1.7.9
- svnserve (any version) is not affected

Vulnerability Description

The Apache HTTPD server module in Subversion exhibits abnormal memory usage when a large number of properties are set or deleted on a node, potentially leading to a Denial of Service (DoS) attack.

Vulnerability Details

Setting or deleting a large number of properties on a node results in excessive memory consumption. Each process tends to stabilize in memory usage, which may lead to memory exhaustion and trigger a DoS attack. The attack requires write access to the repository, which typically requires authentication; anonymous users cannot exploit this vulnerability.

Vulnerability Severity

CVSSv2 Base Score: 4.9
Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C
- Classified as a medium-risk vulnerability.

Recommended Actions

- Upgrade Recommendation: All users should upgrade to Subversion 1.7.9.
- If upgrading is not possible, apply the provided patch.
- Subversion 1.6.x or 1.7.x users can find the latest packages at: Subversion Packages
- Implement memory limits (e.g., ulimit) to prevent attacks from affecting other services running on the same machine.

References and Reporter

CVE ID: CVE-2013-1845
Reporter: Alexander Klink, n.runs
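
The affected and fixed version ranges and the ulimit mitigation listed above, turned into a small triage helper. This is an added example, not code from the advisory or the Subversion project; the function names `svn_dav_status` and `run_capped`, the `not-listed` label for release lines the advisory does not mention, and the sample version strings are assumptions made here.

```shell
#!/bin/sh
# Added example (not Subversion project code). Ranges come from the advisory above.

# svn_dav_status VERSION
# Prints "affected", "fixed", "not-listed" (release line the advisory does not
# cover, e.g. 1.8.x) or "unknown" (unparseable input, exit status 2).
svn_dav_status() {
    # Keep the leading MAJOR.MINOR[.PATCH]; drop packaging suffixes like "-1ubuntu2".
    v=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p')
    [ -n "$v" ] || { echo unknown; return 2; }
    IFS=. read -r major minor patch <<EOF
$v
EOF
    patch=${patch:-0}
    if [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -lt 6 ]; }; then
        echo affected                      # everything <= 1.6.20
    elif [ "$major" -eq 1 ] && [ "$minor" -eq 6 ]; then
        if [ "$patch" -le 20 ]; then echo affected; else echo fixed; fi
    elif [ "$major" -eq 1 ] && [ "$minor" -eq 7 ]; then
        if [ "$patch" -le 8 ]; then echo affected; else echo fixed; fi
    else
        echo not-listed
    fi
}

# run_capped KIB CMD [ARGS...]
# Runs CMD with its virtual address space capped at KIB kibibytes. The body is a
# subshell, so the caller's own limits are unchanged. "ulimit -v" is a bash/dash
# feature rather than strict POSIX.
run_capped() (
    limit_kib=$1
    shift
    ulimit -v "$limit_kib" || exit 1
    exec "$@"
)

# Constructed sample version strings, one per boundary in the advisory.
for sample in 1.6.20 1.6.21 1.7.8-1ubuntu2 1.7.9 1.8.0; do
    printf '%-16s %s\n' "$sample" "$(svn_dav_status "$sample")"
done
```

For httpd, the cap has to be set in whatever starts the server processes, since resource limits are inherited by child processes.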