Medium severity6.5NVD Advisory· Published May 5, 2016· Updated May 6, 2026
CVE-2016-2168
CVE-2016-2168
Description
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.
Affected products
5cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*range: <=1.8.15
- cpe:2.3:a:apache:subversion:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.9.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- subversion.apache.org/security/CVE-2016-2168-advisory.txtnvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.htmlnvd
- lists.opensuse.org/opensuse-updates/2016-05/msg00043.htmlnvd
- lists.opensuse.org/opensuse-updates/2016-05/msg00044.htmlnvd
- mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA%40mail.gmail.com%3Envd
- mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ%40mail.gmail.com%3Envd
- www.debian.org/security/2016/dsa-3561nvd
- www.securityfocus.com/bid/89320nvd
- www.securitytracker.com/id/1035707nvd
- www.slackware.com/security/viewer.phpnvd
- security.gentoo.org/glsa/201610-05nvd
- www.oracle.com/security-alerts/cpuoct2020.htmlnvd
News mentions
0No linked articles in our index yet.