rpm package
suse/subversion&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-8734 | Med | 6.5 | | < 1.6.17-1.36.9.1 | 1.6.17-1.36.9.1 | Oct 16, 2017 | Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resour |
| CVE-2017-9800 | Cri | 9.8 | | < 1.6.17-1.36.9.1 | 1.6.17-1.36.9.1 | Aug 11, 2017 | A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server |
| CVE-2016-2168 | Med | 6.5 | | < 1.6.17-1.35.1 | 1.6.17-1.35.1 | May 5, 2016 | The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) CO |
| CVE-2016-2167 | Med | 6.8 | | < 1.6.17-1.35.1 | 1.6.17-1.35.1 | May 5, 2016 | The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an |
| CVE-2015-3187 | — | | | < 1.6.17-1.35.1 | 1.6.17-1.35.1 | Aug 12, 2015 | The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden |