Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-6312

Опубликовано: 04 авг. 2016
Источник: redhat
CVSS3: 5.3
CVSS2: 5
EPSS Низкий

Описание

The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955.

A denial of service vulnerability was found in subversion. The mod_dontdothat component of the mod_dav_svn Apache module did not properly protect against exponential XML entity expansion attacks. An attacker with credentials to the webdav repository could send a crafted message that would result in resource exhaustion and denial of service to httpd.

Отчет

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Directory Server 8apr-utilNot affected
Red Hat Directory Server 8httpdNot affected
Red Hat Enterprise Linux 5apr-utilWill not fix
Red Hat Enterprise Linux 5httpdNot affected
Red Hat Enterprise Linux 6apr-utilNot affected
Red Hat Enterprise Linux 6httpdNot affected
Red Hat Enterprise Linux 7apr-utilNot affected
Red Hat Enterprise Linux 7httpdNot affected
Red Hat JBoss Enterprise Web Server 1apr-utilNot affected
Red Hat JBoss Enterprise Web Server 1httpdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1364122httpd: Billion laughs attack regression

EPSS

Процентиль: 66%
0.00515
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-6312

CVSS3: 6.5
ubuntu
больше 8 лет назад

The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955.

nvd логотип

CVE-2016-6312

CVSS3: 6.5
nvd
больше 8 лет назад

The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955.

debian логотип

CVE-2016-6312

CVSS3: 6.5
debian
больше 8 лет назад

The mod_dontdothat component of the mod_dav_svn Apache module in Subve ...

github логотип

GHSA-75fh-5jm2-jr94

CVSS3: 6.5
github
больше 3 лет назад

The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955.

EPSS

Процентиль: 66%
0.00515
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2