OVAL

DSA-3561-1 subversion -- subversion

ID: oval:org.secpod.oval:def:602484
Date: (C)2016-06-14   (M)2018-06-04
Class: PATCH
Family: unix




Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2016-2167
Daniel Shahaf and James McCoy discovered that an implementation error in the authentication against the Cyrus SASL library would permit a remote user to specify a realm string which is a prefix of the expected realm string, potentially allowing a user to authenticate using the wrong realm.

CVE-2016-2168
Ivan Zhakov of VisualSVN discovered a remotely triggerable denial of service vulnerability in the mod_authz_svn module during the COPY or MOVE authorization check. An authenticated remote attacker could take advantage of this flaw to cause a denial of service via COPY or MOVE requests with a specially crafted header.

Platform:
Debian 8.x
Product:
subversion
Reference:
DSA-3561-1
CVE-2016-2167
CVE-2016-2168
CVE (2):
CVE-2016-2168
CVE-2016-2167
CPE (7):
cpe:/a:apache:subversion:1.8.15
cpe:/o:debian:debian_linux:8.x
cpe:/a:apache:subversion
cpe:/a:apache:subversion:1.9.0
...

© SecPod Technologies