CVE-2016-8734

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Subversion
Vendor: CVE Published:; 16 October 2017

Summary

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.

Affected Version(s)

Apache Subversion 1.4.0 to 1.8.16

Apache Subversion 1.9.0 to 1.9.4

References

http://www.securityfocus.com/bid/94588

vdb-entryx_refsource_BID

https://lists.apache.org/thread.html/7798f5cda1b2a3c70db4...

mailing-listx_refsource_MLIST

http://www.securitytracker.com/id/1037361

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2017
Vulnerability Reserved
Oct 18, 2016

.