DoS Vulnerability in Apache Subversion's mod_authz_svn Functionality
CVE-2016-2168

6.5MEDIUM

Key Information:

Vendor
Apache
Status
Subversion
Vendor
CVE Published:
5 May 2016

Summary

A vulnerability exists within the req_check_access function of the mod_authz_svn module in Apache Subversion prior to versions 1.8.16 and 1.9.4. This weakness allows remote authenticated users to exploit a crafted header in MOVE or COPY requests, potentially leading to a denial of service condition due to a NULL pointer dereference. This may cause the server process to crash, impacting availability of the service for legitimate users.

References

http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
http://mail-archives.apache.org/mod_mbox/subversion-annou...
mailing-listx_refsource_MLIST
http://www.slackware.com/security/viewer.php?l=slackware-...
vendor-advisoryx_refsource_SLACKWARE

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.