CVE-2016-2168

CWE-20 ā€” Improper Input Validation10 documents9 sources
Severity
6.5MEDIUM
EPSS
7.4%
top 8.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Subversion
Timeline
PublishedMay 5
Latest updateMay 13

Description

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

ā–¶NVDapache/subversion1.8.15+4
ā–¶Debiansubversion< 1.9.4-1+3

šŸ”“Vulnerability Details

3
GHSA
GHSA-h8ww-x8qq-fcxm: The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1ā†—2022-05-13
ā–¶
CVEList
CVE-2016-2168: The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1ā†—2016-05-05
ā–¶
OSV
CVE-2016-2168: The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1ā†—2016-05-05
ā–¶

šŸ“‹Vendor Advisories

4
Ubuntu
Subversion vulnerabilitiesā†—2017-10-24
ā–¶
Red Hat
subversion: DoS in mod_authz_svn during COPY/MOVE authorization checkā†—2016-04-28
ā–¶
Debian
CVE-2016-2168: subversion - The req_check_access function in the mod_authz_svn module in the httpd server in...ā†—2016
ā–¶
Apache
Apache subversion: CVE-2016-2168ā†—
ā–¶

šŸ’¬Community

2
Bugzilla
CVE-2016-2167 CVE-2016-2168 subversion: various flaws [fedora-all]ā†—2016-04-29
ā–¶
Bugzilla
CVE-2016-2168 subversion: DoS in mod_authz_svn during COPY/MOVE authorization checkā†—2016-04-29
ā–¶
CVE-2016-2168 (MEDIUM CVSS 6.5) | The req_check_access function in th | cvebase.io