OVAL

ALAS-2016-709 ---- subversion mod24_dav_svn

ID: oval:org.secpod.oval:def:1600414
Date: (C)2016-06-07   (M)2018-06-04
Class: PATCH
Family: unix




The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service via a crafted header in a MOVE or COPY request, involving an authorization check.

Platform:
Amazon Linux AMI
Product:
subversion
mod24_dav_svn
Reference:
ALAS-2016-709
CVE-2016-2167
CVE-2016-2168
CPE (8):
cpe:/a:mod24:mod24_dav_svn
cpe:/a:apache:subversion:1.8.15
cpe:/o:amazon:linux
cpe:/a:apache:subversion
...

© SecPod Technologies