Описание
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.
Меры по смягчению последствий
Only Apache+Subversion servers that have the "DontDoThatConfigFile" configuration option present are affected by this flaw. This option is not enabled in default httpd or mod_dav_svn configuration as shipped with Red Hat Enterprise Linux.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | subversion | Not affected | ||
| Red Hat Enterprise Linux 6 | subversion | Not affected | ||
| Red Hat Enterprise Linux 7 | subversion | Will not fix |
Показывать по
Дополнительная информация
Статус:
4.4 Medium
CVSS3
3.5 Low
CVSS2
Связанные уязвимости
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 throu ...
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.
4.4 Medium
CVSS3
3.5 Low
CVSS2