[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

[3.4] subversion: unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// (CVE-2016-8734)

ID: oval:org.secpod.oval:def:1800422Date: (C)2018-03-29   (M)2023-12-20
Class: PATCHFamily: unix




Subversion"s mod_dontdothat module and clients using are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack, otherwise known as the "billion laughs attack", targets XML parsers and can cause the targeted process to consume an excessive amount of CPU resources or memory. Fixed In Version: subversion 1.8.17, subversion 1.9.5 Reference:

Platform:
Alpine Linux 3.4
Product:
subversion
Reference:
6648
CVE-2016-8734
CVE    1
CVE-2016-8734
CPE    83
cpe:/a:apache:subversion:1.6.10
cpe:/a:apache:subversion:1.6.11
cpe:/a:apache:subversion:1.6.12
cpe:/a:apache:subversion:1.6.13
...

© SecPod Technologies