ALAS-2016-710 ---- mod_dav_svn
ID: oval:org.secpod.oval:def:1600413 | Date: (C)2016-06-07 (M)2023-11-13 |
Class: PATCH | Family: unix |
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service via a crafted header in a MOVE or COPY request, involving an authorization check.
Platform: |
Amazon Linux AMI |