The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion prior to 1.8.16 and 1.9.x prior to 1.9.4, when Cyrus SASL authentication is used, allows remote malicious users to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.
Vulnerable Product |
---|
apache subversion |
apache subversion 1.9.3 |
apache subversion 1.9.1 |
apache subversion 1.9.0 |
apache subversion 1.9.2 |