CVE-2016-2168

Published: 05/05/2016 Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion prior to 1.8.16 and 1.9.x prior to 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.

Vulnerable Product

apache subversion

apache subversion 1.9.3

apache subversion 1.9.1

apache subversion 1.9.0

apache subversion 1.9.2

Vendor Advisories

Several security issues were fixed in Subversion ...
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string (CVE-2016-2167) The req_check_acces ...
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check ...