CVE-2018-11803

{"id": "CVE-2018-11803", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-02-05T17:29:00.327", "references": [{"url": "http://www.securityfocus.com/bid/106770", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/fa71074862373c142d264534385f8ea5d8d6b80d27f36f3c46f55003%40%3Cdev.subversion.apache.org%3E", "source": "security@apache.org"}, {"url": "https://security.gentoo.org/glsa/201904-08", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://usn.ubuntu.com/3869-1/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-824"}]}], "descriptions": [{"lang": "en", "value": "Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation."}, {"lang": "es", "value": "El m\u00f3dulo Apache HTTPD \"mod_dav_svn\" de Subversion, en versiones 1.10.0 y desde la 1.10.3 hasta la 1.11.0, se cerrar\u00e1 de manera inesperada despu\u00e9s de desreferenciar un puntero no inicializado si el cliente omite la ruta \"root\" en una operaci\u00f3n de listado de un directorio recursivo."}], "lastModified": "2023-11-07T02:51:48.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E3DE44D-BE33-4BF4-A0AE-FD17611252C6", "versionEndIncluding": "1.10.3", "versionStartIncluding": "1.10.0"}, {"criteria": "cpe:2.3:a:apache:subversion:1.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04E166FE-E69F-43A0-B5F2-C704411C115F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}