PT-2016-5044 · Apache+2 · Apache Subversion+2

Published

2016-04-29

Updated

2024-06-15

CVE-2016-2168

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache Subversion versions prior to 1.8.16 Apache Subversion versions 1.9.x prior to 1.9.4

Description The issue allows remote authenticated users to cause a denial of service, resulting in a crash, by sending a crafted header in a MOVE or COPY request. This is due to a NULL pointer dereference in the req check access function within the mod authz svn module of the httpd server.

Recommendations For Apache Subversion versions prior to 1.8.16, update to version 1.8.16 or later. For Apache Subversion versions 1.9.x prior to 1.9.4, update to version 1.9.4 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2020-1641

ALT-PU-2020-2914

CVE-2016-2168

DLA-448-1

DSA-3561-1

MGASA-2016-0161

OPENSUSE-SU-2024:10538-1

SUSE-SU-2016:1249-1

SUSE-SU-2016:1511-1

SUSE-SU-2017:2200-1

USN-3388-2

Affected Products

Alt Linux

Apache Subversion

Suse

PT-2016-5044 · Apache+2 · Apache Subversion+2

CVE-2016-2168

Related Identifiers

Affected Products

References · 112