It was found that mod_dontdothat did not block requests from certain clients (such as Serf-based clients). This could allow a client to bypass intended mod_dontdothat restrictions and use more resources on the server than expected. This issue affected mod_dontdothat versions 1.4.0 to 1.7.13, and 1.8.0 to 1.8.4. It has been corrected in versions 1.7.14 and 1.8.5. mod_dontdothat is included in the subversion sources for Red Hat Enterprise Linux 5 and 6; however, it is not built and shipped for those products, leaving them unaffected by this flaw. Acknowledgements: Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Ben Reser as the original reporter.
External References: http://subversion.apache.org/security/CVE-2013-4505-advisory.txt
Created subversion tracking bugs for this issue: Affects: fedora-all [bug 1034377]
Statement: Not vulnerable. This issue did not affect the versions of Subversion in Red Hat Enterprise Linux 5 and 6.
subversion-1.7.14-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
subversion-1.7.14-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
subversion-1.8.5-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.