CVE-2016-2167 - Improper Access Control

Severity

49%

Complexity

68%

Confidentiality

81%

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.

CVSS 3.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N).

Overview

Type

Apache Software Foundation Subversion

First reported 8 years ago

2016-05-05 18:59:00

Last updated 7 years ago

2017-07-01 01:29:00

Affected Software

Apache Software Foundation Subversion 1.9.0

1.9.0

Apache Software Foundation Subversion 1.9.1

1.9.1

Apache Software Foundation Subversion 1.9.2

1.9.2

Apache Software Foundation Subversion 1.9.3

1.9.3

References

FEDORA-2016-20cc04ac50

openSUSE-SU-2016:1263

openSUSE-SU-2016:1264

[subversion-announce] 20160428 [ANNOUNCE][SECURITY] Apache Subversion 1.9.4 released

[subversion-announce] 20160428 [ANNOUNCE][SECURITY] Apache Subversion 1.8.16 released

http://subversion.apache.org/security/CVE-2016-2167-advisory.txt

Vendor Advisory

DSA-3561

89417

1035706

SSA:2016-121-01

GLSA-201610-05

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.