CVSS2: 4.9 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS3: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.4 High
Confidence: High

EPSS: 0.084 Low
Percentile: 94.5%

Multiple serious vulnerabilities have been found in Apache Subversion. Malicious users can exploit these vulnerabilities to cause denial of service or bypass security restrictions.
Below is a complete list of vulnerabilities
Technical details
Vulnerability (1) is related to the mod_authz_svn module and can be exploited via specially crafted headers. A successful attack requires the malicious user to be authenticated on the target server, but the user does not need access to any repository on that server.
Vulnerability (2) is related to the Cyrus SASL authentication library. An error in realm name handling means that a user authenticated to one realm, whose name is a prefix of a second realm's name, is also authenticated to the second realm (for example, the user "jrandom" in the realm "foo" can successfully authenticate to a repository whose realm is "foobar").
Instructions for checking whether you are affected by these vulnerabilities, along with workarounds and patches to apply, can be found in the original advisories listed in the corresponding section of this advisory.
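The realm prefix error described for vulnerability (2), shown as an added illustration that is not Subversion's own code: a length-limited comparison accepts "foo" for "foobar", while an exact comparison rejects it. The function names and the "user@realm" principal format are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return the realm part of "user@realm", or NULL if it is missing or empty.
 * (Hypothetical helper; the principal format is assumed for this example.) */
static const char *realm_of(const char *principal)
{
    const char *at = principal ? strrchr(principal, '@') : NULL;
    return (at && at[1] != '\0') ? at + 1 : NULL;
}

/* Flawed check: compares only as many bytes as the user's realm has,
 * so a realm that is a prefix of the repository realm is accepted. */
int realm_ok_prefix(const char *principal, const char *repo_realm)
{
    const char *realm = realm_of(principal);
    if (!realm || !repo_realm)
        return 0;
    return strncmp(realm, repo_realm, strlen(realm)) == 0;
}

/* Corrected check: the two realm strings must be identical. */
int realm_ok_exact(const char *principal, const char *repo_realm)
{
    const char *realm = realm_of(principal);
    if (!realm || !repo_realm)
        return 0;
    return strcmp(realm, repo_realm) == 0;
}

int main(void)
{
    /* Constructed sample principals, checked against the realm "foobar". */
    const char *samples[] = { "jrandom@foo", "jrandom@foobar", "jrandom@bar" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s prefix=%d exact=%d\n", samples[i],
               realm_ok_prefix(samples[i], "foobar"),
               realm_ok_exact(samples[i], "foobar"));
    return 0;
}
```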
CVE-2016-2167 warning
CVE-2016-2168 warning
Update to the latest version
Apache Subversion download page
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.