CVE-2016-2168

Public on 2016-05-05

Modified on 2016-06-03

Description

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.

Severity

Medium

See what this means

CVSS v3 Base Score

5.0

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	mod_dav_svn	2016-06-02	ALAS-2016-710	Fixed
Amazon Linux 1	subversion	2016-06-02	ALAS-2016-709	Fixed

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	5.0	AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD	CVSSv2	4.0	AV:N/AC:L/Au:S/C:N/I:N/A:P
NVD	CVSSv3	6.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2016-2168 Mitre: CVE-2016-2168