CVE-2016-2167

CWE-284Improper Access ControlCWE-20Improper Input Validation12 documents9 sources
Severity
6.8MEDIUM
EPSS
1.0%
top 23.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Subversion
Timeline
PublishedMay 5
Latest updateMay 13

Description

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.6 | Impact: 5.2

Affected Packages2 packages

NVDapache/subversion1.8.15+4
Debiansubversion< 1.9.4-1+3

🔴Vulnerability Details

4
GHSA
GHSA-4j43-22vc-mh3h: The canonicalize_username function in svnserve/cyrus_auth2022-05-13
OSV
subversion vulnerabilities2017-08-11
OSV
CVE-2016-2167: The canonicalize_username function in svnserve/cyrus_auth2016-05-05
CVEList
CVE-2016-2167: The canonicalize_username function in svnserve/cyrus_auth2016-05-05

📋Vendor Advisories

5
Ubuntu
Subversion vulnerabilities2017-10-24
Ubuntu
Subversion vulnerabilities2017-08-11
Red Hat
subversion: svnserve/sasl may authenticate users using the wrong realm2016-04-28
Debian
CVE-2016-2167: subversion - The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion...2016
Apache
Apache subversion: CVE-2016-2167

💬Community

2
Bugzilla
CVE-2016-2167 CVE-2016-2168 subversion: various flaws [fedora-all]2016-04-29
Bugzilla
CVE-2016-2167 subversion: svnserve/sasl may authenticate users using the wrong realm2016-04-29
CVE-2016-2167 (MEDIUM CVSS 6.8) | The canonicalize_username function | cvebase.io