Medium severity6.5NVD Advisory· Published May 5, 2016· Updated Jun 17, 2026
CVE-2016-2168
CVE-2016-2168
Description
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*range: <=1.8.15
- cpe:2.3:a:apache:subversion:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.9.3:*:*:*:*:*:*:*
- (no CPE)range: <1.8.16, <1.9.4
- osv-coords7 versionspkg:rpm/opensuse/subversion&distro=openSUSE%20Tumbleweedpkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/subversion&distro=SUSE%20Studio%20Onsite%201.3
< 1.9.5-1.1+ 6 more
- (no CPE)range: < 1.9.5-1.1
- (no CPE)range: < 1.6.17-1.35.1
- (no CPE)range: < 1.8.10-21.1
- (no CPE)range: < 1.8.10-21.1
- (no CPE)range: < 1.8.19-25.3.1
- (no CPE)range: < 1.8.19-25.3.1
- (no CPE)range: < 1.6.17-1.35.1
Patches
Vulnerability mechanics
References
12- subversion.apache.org/security/CVE-2016-2168-advisory.txtnvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.htmlnvd
- lists.opensuse.org/opensuse-updates/2016-05/msg00043.htmlnvd
- lists.opensuse.org/opensuse-updates/2016-05/msg00044.htmlnvd
- mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA%40mail.gmail.com%3Envd
- mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ%40mail.gmail.com%3Envd
- www.debian.org/security/2016/dsa-3561nvd
- www.securityfocus.com/bid/89320nvd
- www.securitytracker.com/id/1035707nvd
- www.slackware.com/security/viewer.phpnvd
- security.gentoo.org/glsa/201610-05nvd
- www.oracle.com/security-alerts/cpuoct2020.htmlnvd
News mentions
0No linked articles in our index yet.