OVAL

ALAS-2016-709 ---- subversion mod24_dav_svn

ID: oval:org.secpod.oval:def:1600414
Date: (C)2016-06-07   (M)2017-12-06
Class: PATCH
Family: unix




The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service via a crafted header in a MOVE or COPY request, involving an authorization check

Platform:
Amazon Linux AMI
Product:
subversion
mod24_dav_svn
Reference:
ALAS-2016-709
CVE-2016-2167
CVE-2016-2168
CPE (8):
cpe:/a:mod24:mod24_dav_svn
cpe:/a:apache:subversion
cpe:/a:apache:subversion:1.8.15
cpe:/o:amazon:linux
...

© 2013 SecPod Technologies