OVAL

ALAS-2016-709 ---- subversion mod24_dav_svn

ID: oval:org.secpod.oval:def:1600414
Date: (C)2016-06-07   (M)2018-05-06
Class: PATCH
Family: unix




The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service via a crafted header in a MOVE or COPY request, involving an authorization check

Platform:
Amazon Linux AMI
Product:
subversion
mod24_dav_svn
Reference:
ALAS-2016-709
CVE-2016-2167
CVE-2016-2168
CPE (8):
cpe:/a:mod24:mod24_dav_svn
cpe:/a:apache:subversion:1.9.0
cpe:/a:apache:subversion:1.9.1
cpe:/a:apache:subversion:1.9.2
...

© SecPod Technologies