CVE-2016-8734
Public on 2017-02-06
Modified on 2017-02-06
Description
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | mod_dav_svn | 2017-02-06 | ALAS-2017-794 | Fixed |
| Amazon Linux 1 | subversion | 2017-02-06 | ALAS-2017-794 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 3.5 | AV:N/AC:M/Au:S/C:N/I:N/A:P |
| Amazon Linux | CVSSv3 | 4.4 | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
| NVD | CVSSv2 | 4.0 | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| NVD | CVSSv3 | 6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |