Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv3

CVE-2016-2167

Published: 05/05/2016 Updated: 07/11/2023
CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 6.8 | Impact Score: 5.2 | Exploitability Score: 1.6
VMScore: 436
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Subscribe to Apache

Vulnerability Summary

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion prior to 1.8.16 and 1.9.x prior to 1.9.4, when Cyrus SASL authentication is used, allows remote malicious users to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.

Vulnerable Product Search on Vulmon Subscribe to Product

apache subversion

apache subversion 1.9.3

apache subversion 1.9.1

apache subversion 1.9.0

apache subversion 1.9.2

Vendor Advisories

Ubuntu Security Notice: subversion vulnerabilities
Several security issues were fixed in Subversion ...
Ubuntu Security Notice: subversion vulnerabilities
Several security issues were fixed in Subversion ...
Amazon Linux AMI: ALAS-2016-710
The canonicalize_username function in svnserve/cyrus_authc in Apache Subversion before 1816 and 19x before 194, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string (CVE-2016-2167) The req_check_acces ...
Amazon Linux AMI: ALAS-2016-709
The canonicalize_username function in svnserve/cyrus_authc in Apache Subversion before 1816 and 19x before 194, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string (CVE-2016-2167) The req_check_acces ...
Red Hat: CVE-2016-2167
The canonicalize_username function in svnserve/cyrus_authc in Apache Subversion before 1816 and 19x before 194, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string ...

References

CWE-284http://www.debian.org/security/2016/dsa-3561http://www.securitytracker.com/id/1035706http://subversion.apache.org/security/CVE-2016-2167-advisory.txthttp://www.securityfocus.com/bid/89417http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.htmlhttp://lists.opensuse.org/opensuse-updates/2016-05/msg00043.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.htmlhttps://security.gentoo.org/glsa/201610-05https://www.oracle.com/security-alerts/cpuoct2020.htmlhttp://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA%40mail.gmail.com%3Ehttp://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ%40mail.gmail.com%3Ehttps://nvd.nist.govhttps://usn.ubuntu.com/3388-2/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook