{"url":"http://public2.vulnerablecode.io/api/packages/184010?format=json","purl":"pkg:rpm/redhat/subversion@1.6.11-7.el5_6?arch=4","type":"rpm","namespace":"redhat","name":"subversion","version":"1.6.11-7.el5_6","qualifiers":{"arch":"4"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101583?format=json","vulnerability_id":"VCID-7sq7-gjgr-xqfs","summary":"The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1752.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1752","reference_id":"","reference_type":"","scores":[{"value":"0.22709","scoring_system":"epss","scoring_elements":"0.95968","published_at":"2026-06-04T12:55:00Z"},{"value":"0.22709","scoring_system":"epss","scoring_elements":"0.95972","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1752"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=709111","reference_id":"709111","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=709111"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0861","reference_id":"RHSA-2011:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0862","reference_id":"RHSA-2011:0862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0862"},{"reference_url":"https://usn.ubuntu.com/1144-1/","reference_id":"USN-1144-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1144-1/"}],"fixed_packages":[],"aliases":["CVE-2011-1752"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7sq7-gjgr-xqfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101585?format=json","vulnerability_id":"VCID-mdj4-znus-3uex","summary":"The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1783.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1783.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1783","reference_id":"","reference_type":"","scores":[{"value":"0.11093","scoring_system":"epss","scoring_elements":"0.936","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11093","scoring_system":"epss","scoring_elements":"0.9361","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1783"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1783","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1783"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=709112","reference_id":"709112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=709112"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0862","reference_id":"RHSA-2011:0862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0862"},{"reference_url":"https://usn.ubuntu.com/1144-1/","reference_id":"USN-1144-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1144-1/"}],"fixed_packages":[],"aliases":["CVE-2011-1783"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mdj4-znus-3uex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101586?format=json","vulnerability_id":"VCID-zqz3-19qj-suh8","summary":"The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1921.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1921.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1921","reference_id":"","reference_type":"","scores":[{"value":"0.04037","scoring_system":"epss","scoring_elements":"0.88704","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04037","scoring_system":"epss","scoring_elements":"0.88721","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1921"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=709114","reference_id":"709114","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=709114"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0862","reference_id":"RHSA-2011:0862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0862"},{"reference_url":"https://usn.ubuntu.com/1144-1/","reference_id":"USN-1144-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1144-1/"}],"fixed_packages":[],"aliases":["CVE-2011-1921"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqz3-19qj-suh8"}],"fixing_vulnerabilities":[],"risk_score":"0.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/subversion@1.6.11-7.el5_6%3Farch=4"}