CVE-2016-2168

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Subversion
Vendor: CVE Published:; 5 May 2016

Summary

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://mail-archives.apache.org/mod_mbox/subversion-annou...

mailing-listx_refsource_MLIST

http://www.slackware.com/security/viewer.php?l=slackware-...

vendor-advisoryx_refsource_SLACKWARE

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 5, 2016
Vulnerability Reserved
Jan 29, 2016

.