Description
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.

| Release | Status | Note |
|---|---|---|
| artful | not-affected | 1.9.4-1ubuntu1 |
| devel | not-affected | 1.9.4-1ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.8.8-1ubuntu3.3]] |
| esm-infra/xenial | released | 1.9.3-2ubuntu1.1 |
| precise | ignored | end of life |
| precise/esm | not-affected | 1.6.17dfsg-3ubuntu3.7 |
| trusty | released | 1.8.8-1ubuntu3.3 |
| trusty/esm | DNE | trusty was released [1.8.8-1ubuntu3.3] |
| upstream | released | 1.9.4-1 |
| vivid/stable-phone-overlay | DNE | |

CVSS2: 4.9 Medium
CVSS3: 6.8 Medium