CVE-2016-2168

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-2168
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html
http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA%40mail.gmail.com%3E
http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ%40mail.gmail.com%3E
http://subversion.apache.org/security/CVE-2016-2168-advisory.txt Vendor Advisory
http://www.debian.org/security/2016/dsa-3561
http://www.securityfocus.com/bid/89320
http://www.securitytracker.com/id/1035707
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496
https://security.gentoo.org/glsa/201610-05
https://www.oracle.com/security-alerts/cpuoct2020.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.9.3:*:*:*:*:*:*:*
History

07 Nov 2023, 02:31

Type Values Removed Values Added
References
  • {'url': 'http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ@mail.gmail.com%3E', 'name': '[subversion-announce] 20160428 [ANNOUNCE][SECURITY] Apache Subversion 1.9.4 released', 'tags': [], 'refsource': 'MLIST'}
  • {'url': 'http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA@mail.gmail.com%3E', 'name': '[subversion-announce] 20160428 [ANNOUNCE][SECURITY] Apache Subversion 1.8.16 released', 'tags': [], 'refsource': 'MLIST'}
  • () http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ%40mail.gmail.com%3E -
  • () http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA%40mail.gmail.com%3E -
Information

Published : 2016-05-05 18:59

Updated : 2024-02-28 15:21

NVD link : CVE-2016-2168

Mitre link : CVE-2016-2168

CVE.ORG link : CVE-2016-2168

JSON object : View

Products Affected

apache

  • subversion
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024