CVE-2016-2168

Severity

40%

Complexity

80%

Confidentiality

48%

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.

CWE-476: NULL Pointer Dereference

CVSS 3.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).

Overview

Type

Apache Software Foundation Subversion

First reported 8 years ago

2016-05-05 18:59:00

Last updated 7 years ago

2017-07-01 01:29:00

Affected Software

Apache Software Foundation Subversion 1.9.0

1.9.0

Apache Software Foundation Subversion 1.9.1

1.9.1

Apache Software Foundation Subversion 1.9.2

1.9.2

Apache Software Foundation Subversion 1.9.3

1.9.3

References

FEDORA-2016-20cc04ac50

openSUSE-SU-2016:1263

openSUSE-SU-2016:1264

[subversion-announce] 20160428 [ANNOUNCE][SECURITY] Apache Subversion 1.9.4 released

[subversion-announce] 20160428 [ANNOUNCE][SECURITY] Apache Subversion 1.8.16 released

http://subversion.apache.org/security/CVE-2016-2168-advisory.txt

Vendor Advisory

DSA-3561

89320

1035707

SSA:2016-121-01

GLSA-201610-05

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.