CVE-2016-2167

Published: 05/05/2016 Updated: 20/10/2020
CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 6.8 | Impact Score: 5.2 | Exploitability Score: 1.6
VMScore: 436
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Vulnerability Summary

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion prior to 1.8.16 and 1.9.x prior to 1.9.4, when Cyrus SASL authentication is used, allows remote malicious users to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.

Vulnerable Product

apache subversion

apache subversion 1.9.0

apache subversion 1.9.1

apache subversion 1.9.2

apache subversion 1.9.3

Vendor Advisories

Several security issues were fixed in Subversion ...
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string ...
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string (CVE-2016-2167). The req_check_acce ...
Oracle Solaris Third Party Bulletin - July 2018. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical P ...