34 matches found
EUVD-2016-9573
Malicious code in bioql PyPI...
Advisory ROSA-SA-2021-1979
Software: subversion 1.7.14 OS: Cobalt 7.9 CVE-ID: CVE-2014-3504 CVE-Crit: HIGH CVE-DESC: The functions (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate in Serf 0.2.0 - 1.3.x through 1.3.7 incorrectly handle the NUL byte in the domain name in the subject common name. CN in...
Denial Of Service (DoS)
subversion is vulnerable to denial of service (DoS). The vulnerability exists through the mod_dontdothat module caused by exponential XML entity expansion...
CVE-2016-8734
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory...
CVE-2016-8734
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory...
Design/Logic Flaw
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory...
CVE-2016-8734
CVE-2016-8734 affects Apache Subversion’s mod_dontdothat and HTTP(S) clients (versions 1.4.0–1.8.16 and 1.9.0–1.9.4). The root cause is exponential XML entity expansion, leading to denial-of-service via high CPU/memory usage. Multiple advisories confirm impact across distros (Debian, Mageia, Fedo...
CVE-2016-8734
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory...
CVE-2016-8734
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory...
CVE-2016-6312
The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service memory...
CVE-2016-6312
The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service memory...
CVE-2016-6312
The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service memory...
CVE-2016-6312
CVE-2016-6312 is a regression of CVE-2009-1955 describing a DoS in Apache httpd/mod_dav_svn caused by the mod_dontdothat component failing to detect recursive XML entity expansion. Connected sources confirm the underlying issue is in APR-util's XML entity handling (as part of APR-util) used by Ap...
Apache Subversion 1.8.x < 1.8.17 / 1.9.x < 1.9.5 DoS
Updated subversion packages fix security vulnerability
Subversion's mod_dontdothat module and clients using https:// are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack, otherwise known as the "billion laughs attack", targets XML parsers and can cause the targeted process to consume an excessive amount o...
CVE-2016-8734
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory...
subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s)
The Apache Software Foundation reports: The mod_dontdothat module of subversion and subversion clients using https:// are vulnerable to a denial-of-service attack, caused by exponential XML entity expansion. The attack targets XML parsers causing targeted process to consume excessive amounts of...
CVE-2016-6312
A denial of service vulnerability was found in subversion. The mod_dontdothat component of the mod_dav_svn Apache module did not properly protect against exponential XML entity expansion attacks. An attacker with credentials to the webdav repository could send a crafted message that would result in...
openSUSE Security Update : subversion (openSUSE-SU-2013:1860-1)
This update fixes the following issues with subversion : - bnc850747: update to 1.7.14 - CVE-2013-4505: mod_dontdothat does not restrict requests from serf clients. - CVE-2013-4558: mod_dav_svn assertion triggered by autoversioning commits. + Client- and server-side bugfixes : - fix assertion on url...
Apache Subversion security vulnerabilities
mod_dontdothat protection bypass, DoS...