CVE-2016-2167
published 2016-05-05CVE-2016-2167: The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used…
medium6.8CVSS 3.0
AVNACHPRLUINSUCHIHAN
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | subversion | <= 1.8.15 | — |
| apache | subversion | — | — |
| apache | subversion | — | — |
| apache | subversion | — | — |
| apache | subversion | — | — |
| apache | subversion | — | — |
| apache | subversion | >= 0 < 1.9.4-1 | 1.9.4-1 |
| apache | subversion | >= 0 < 1.9.4-1 | 1.9.4-1 |
| apache | subversion | >= 0 < 1.9.4-1 | 1.9.4-1 |
| apache | subversion | >= 0 < 1.9.4-1 | 1.9.4-1 |
| apache | subversion | >= 0 < 1.8.8-1ubuntu3.3 | 1.8.8-1ubuntu3.3 |
| apache | subversion | >= 0 < 1.9.3-2ubuntu1.1 | 1.9.3-2ubuntu1.1 |
| debian | subversion | < subversion 1.9.4-1 (bookworm) | subversion 1.9.4-1 (bookworm) |
CVSS provenance
nvdv3.06.8MEDIUMCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
osv6.8MEDIUM