CVE-2016-2168

Public on 2016-05-05

Modified on 2016-06-03

Description

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.

Severity

Medium

CVSS v3 Base Score

5.0

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	mod_dav_svn	2016-06-02	ALAS-2016-710	Fixed
Amazon Linux 1	subversion	2016-06-02	ALAS-2016-709	Fixed

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	5.0	AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD	CVSSv2	4.0	AV:N/AC:L/Au:S/C:N/I:N/A:P
NVD	CVSSv3	6.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Red Hat: CVE-2016-2168 Mitre: CVE-2016-2168