Oval Definition:	oval:org.mitre.oval:def:21301
Revision Date: 2015-03-09 Version: 50 Title: RHSA-2011:0862: subversion security update (Moderate) Description: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation. Family: unix Class: patch Status: ACCEPTED Reference(s): CESA-2011:0862-CentOS 5 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 RHSA-2011:0862-01 Platform(s): CentOS Linux 5 Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Product(s): subversion Definition Synopsis Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 OR The operating system installed on the system is CentOS Linux 5.x AND Packages match section mod_dav_svn is earlier than 0:1.6.11-7.el5_6.4 OR subversion is earlier than 0:1.6.11-7.el5_6.4 OR subversion-devel is earlier than 0:1.6.11-7.el5_6.4 OR subversion-javahl is earlier than 0:1.6.11-7.el5_6.4 OR subversion-perl is earlier than 0:1.6.11-7.el5_6.4 OR subversion-ruby is earlier than 0:1.6.11-7.el5_6.4 Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 AND Packages match section mod_dav_svn is earlier than 0:1.6.11-2.el6_1.4 OR subversion is earlier than 0:1.6.11-2.el6_1.4 OR subversion-debuginfo is earlier than 0:1.6.11-2.el6_1.4 OR subversion-devel is earlier than 0:1.6.11-2.el6_1.4 OR subversion-gnome is earlier than 0:1.6.11-2.el6_1.4 OR subversion-javahl is earlier than 0:1.6.11-2.el6_1.4 OR subversion-kde is earlier than 0:1.6.11-2.el6_1.4 OR subversion-perl is earlier than 0:1.6.11-2.el6_1.4 OR subversion-ruby is earlier than 0:1.6.11-2.el6_1.4 OR subversion-svn2cl is earlier than 0:1.6.11-2.el6_1.4
BACK