CVE-2016-2168
published 2016-05-05CVE-2016-2168: The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote…
medium6.5CVSS 3.0
AVNACLPRLUINSUCNINAH
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | subversion | <= 1.8.15 | — |
| apache | subversion | — | — |
| apache | subversion | — | — |
| apache | subversion | — | — |
| apache | subversion | — | — |
| apache | subversion | — | — |
| apache | subversion | >= 0 < 1.9.4-1 | 1.9.4-1 |
| apache | subversion | >= 0 < 1.9.4-1 | 1.9.4-1 |
| apache | subversion | >= 0 < 1.9.4-1 | 1.9.4-1 |
| apache | subversion | >= 0 < 1.9.4-1 | 1.9.4-1 |
| debian | subversion | < subversion 1.9.4-1 (bookworm) | subversion 1.9.4-1 (bookworm) |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv6.5MEDIUM