4 matches found
CVE-2016-2168
CVE-2016-2168 affects Apache Subversion’s httpd-based Subversion server, specifically the mod_authz_svn module. The issue arises in the req_check_access path, allowing remote authenticated users to trigger a denial of service (NULL pointer dereference and crash) via a crafted header in a MOVE or ...
CVE-2016-2167
The vulnerability CVE-2016-2167 affects Apache Subversion: the canonicalize_username function in svnserve/cyrus_auth.c, when Cyrus SASL is used, may allow remote authentication bypass by using a realm string that prefixes the expected repository realm. Affected versions are Subversion 1.8.x befor...
CVE-2015-5343
CVE-2015-5343 affects Apache Subversion (mod_dav_svn). An integer overflow in util.c can trigger an out-of-bounds read and heap overflow via a skel-encoded request body, allowing remote authenticated users to cause a DoS or possibly execute arbitrary code. Affected versions: Subversion 1.7.x; 1.8...
CVE-2015-5259
The CVE-2015-5259 issue affects Apache Subversion 1.9.x prior to 1.9.3. It arises from an overflow in the read_string path in libsvn_ra_svn/marshal.c when handling svn:// strings, causing a heap-based buffer overflow and an out-of-bounds read. This is exploitable remotely and can allow an attacke...