Vulnerability-Lookup

CVE-2016-8734 (GCVE-0-2016-8734)

Vulnerability from cvelistv5 – Published: 2017-10-16 13:00 – Updated: 2024-09-16 20:01

Summary

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.

Severity ?

No CVSS data available.

CWE

Denial of Service

Assigner

apache

References

URL

	Vendor	Product	Version
	Apache Software Foundation	Apache Subversion	Affected: 1.4.0 to 1.8.16 Affected: 1.9.0 to 1.9.4

GSD-2016-8734

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-8734

Aliases

CVE-2016-8734

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8734",
    "description": "Apache Subversion\u0027s mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.",
    "id": "GSD-2016-8734",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-8734.html",
      "https://www.debian.org/security/2017/dsa-3932",
      "https://ubuntu.com/security/CVE-2016-8734",
      "https://advisories.mageia.org/CVE-2016-8734.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2016-8734.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8734"
      ],
      "details": "Apache Subversion\u0027s mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.",
      "id": "GSD-2016-8734",
      "modified": "2023-12-13T01:21:22.146890Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "DATE_PUBLIC": "2017-10-13T00:00:00",
        "ID": "CVE-2016-8734",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Subversion",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "1.4.0 to 1.8.16"
                        },
                        {
                          "version_value": "1.9.0 to 1.9.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache Subversion\u0027s mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of Service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "94588",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94588"
          },
          {
            "name": "[announce] 20161129 [SECURITY] Apache Subversion 1.9.5 released",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/7798f5cda1b2a3c70db4be77694b12dec8fcc1a441b00009d44f0e09@%3Cannounce.apache.org%3E"
          },
          {
            "name": "1037361",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037361"
          },
          {
            "name": "DSA-3932",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2017/dsa-3932"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "https://subversion.apache.org/security/CVE-2016-8734-advisory.txt",
            "refsource": "CONFIRM",
            "url": "https://subversion.apache.org/security/CVE-2016-8734-advisory.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2016-8734"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache Subversion\u0027s mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://subversion.apache.org/security/CVE-2016-8734-advisory.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://subversion.apache.org/security/CVE-2016-8734-advisory.txt"
            },
            {
              "name": "[announce] 20161129 [SECURITY] Apache Subversion 1.9.5 released",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/7798f5cda1b2a3c70db4be77694b12dec8fcc1a441b00009d44f0e09@%3Cannounce.apache.org%3E"
            },
            {
              "name": "1037361",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1037361"
            },
            {
              "name": "94588",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94588"
            },
            {
              "name": "DSA-3932",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3932"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-10-20T22:15Z",
      "publishedDate": "2017-10-16T13:29Z"
    }
  }
}

GHSA-X5MC-4P5H-GRH2

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2025-04-20 03:46

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8734"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-16T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Apache Subversion\u0027s mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.",
  "id": "GHSA-x5mc-4p5h-grh2",
  "modified": "2025-04-20T03:46:51Z",
  "published": "2022-05-13T01:14:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8734"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/7798f5cda1b2a3c70db4be77694b12dec8fcc1a441b00009d44f0e09%40%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/7798f5cda1b2a3c70db4be77694b12dec8fcc1a441b00009d44f0e09@%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://subversion.apache.org/security/CVE-2016-8734-advisory.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3932"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94588"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037361"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-8734

Vulnerability from fkie_nvd - Published: 2017-10-16 13:29 - Updated: 2025-04-20 01:37

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security@apache.org	http://www.debian.org/security/2017/dsa-3932	Third Party Advisory
security@apache.org	http://www.securityfocus.com/bid/94588	Third Party Advisory, VDB Entry
security@apache.org	http://www.securitytracker.com/id/1037361	Third Party Advisory, VDB Entry
security@apache.org	https://lists.apache.org/thread.html/7798f5cda1b2a3c70db4be77694b12dec8fcc1a441b00009d44f0e09%40%3Cannounce.apache.org%3E
security@apache.org	https://subversion.apache.org/security/CVE-2016-8734-advisory.txt	Issue Tracking, Vendor Advisory
security@apache.org	https://www.oracle.com/security-alerts/cpuoct2020.html
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2017/dsa-3932	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94588	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037361	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/7798f5cda1b2a3c70db4be77694b12dec8fcc1a441b00009d44f0e09%40%3Cannounce.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://subversion.apache.org/security/CVE-2016-8734-advisory.txt	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html

Impacted products

Vendor	Product	Version
apache	subversion	1.4.0
apache	subversion	1.4.1
apache	subversion	1.4.2
apache	subversion	1.4.3
apache	subversion	1.4.4
apache	subversion	1.4.5
apache	subversion	1.4.6
apache	subversion	1.5.0
apache	subversion	1.5.1
apache	subversion	1.5.2
apache	subversion	1.5.3
apache	subversion	1.5.4
apache	subversion	1.5.5
apache	subversion	1.5.6
apache	subversion	1.5.7
apache	subversion	1.5.8
apache	subversion	1.6.0
apache	subversion	1.6.1
apache	subversion	1.6.2
apache	subversion	1.6.3
apache	subversion	1.6.4
apache	subversion	1.6.5
apache	subversion	1.6.6
apache	subversion	1.6.7
apache	subversion	1.6.8
apache	subversion	1.6.9
apache	subversion	1.6.10
apache	subversion	1.6.11
apache	subversion	1.6.12
apache	subversion	1.6.13
apache	subversion	1.6.14
apache	subversion	1.6.15
apache	subversion	1.6.16
apache	subversion	1.6.17
apache	subversion	1.6.18
apache	subversion	1.6.19
apache	subversion	1.6.20
apache	subversion	1.6.21
apache	subversion	1.6.23
apache	subversion	1.7.0
apache	subversion	1.7.1
apache	subversion	1.7.2
apache	subversion	1.7.3
apache	subversion	1.7.4
apache	subversion	1.7.5
apache	subversion	1.7.6
apache	subversion	1.7.7
apache	subversion	1.7.8
apache	subversion	1.7.9
apache	subversion	1.7.10
apache	subversion	1.7.11
apache	subversion	1.7.12
apache	subversion	1.7.13
apache	subversion	1.7.14
apache	subversion	1.7.15
apache	subversion	1.7.16
apache	subversion	1.7.17
apache	subversion	1.7.18
apache	subversion	1.7.19
apache	subversion	1.7.20
apache	subversion	1.8.0
apache	subversion	1.8.1
apache	subversion	1.8.2
apache	subversion	1.8.3
apache	subversion	1.8.4
apache	subversion	1.8.5
apache	subversion	1.8.6
apache	subversion	1.8.7
apache	subversion	1.8.8
apache	subversion	1.8.9
apache	subversion	1.8.10
apache	subversion	1.8.11
apache	subversion	1.8.12
apache	subversion	1.8.13
apache	subversion	1.8.14
apache	subversion	1.8.15
apache	subversion	1.8.16
apache	subversion	1.9.0
apache	subversion	1.9.1
apache	subversion	1.9.2
apache	subversion	1.9.3
apache	subversion	1.9.4
debian	debian_linux	8.0
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13109084-931E-4565-BEE5-794B83E6978D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ED3EA46-88F7-438D-B8FC-D6C5E1C8984C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "726B9C10-ACD5-41C2-A552-FD0046A75966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "87D72A75-EDB9-4AD1-B6FC-8A918804DE0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B55A7A26-C994-4956-BBE7-BF3A51971295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB9E26AB-915A-477F-BA5C-10965A7098F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFD49A9B-16A7-4362-8D62-6EB5ECBE4296",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B0CB798-F4ED-44E5-9B15-B7009EAC6303",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC3F6E5C-CF55-4CEB-A5B6-D49E0234FF3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2C1DD29-88D2-49DE-9B77-D925A4B9EB7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "67130DAF-AE81-43D2-A208-58A53746A7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB9F8426-38CB-46B4-B0D0-8D16B48DD53F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "90631FFA-9AB2-483D-B162-31A47428D280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BD5A981-3FDD-4E74-8EB2-5F324246FFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "88F4E8C9-671B-4DA3-9D0D-98539D8D4FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "341F900B-5179-4CB4-9F41-91B58B29C414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F34F463-6350-4F48-B037-856DDBB1A4FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2C813BA-B8F9-446B-A07F-B51F26815578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF4080D-0D95-429E-88AA-1051A5520C01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF50F098-A055-4B79-AC35-6BD6F32D70F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "540461D4-87F4-42AB-ADDC-C7A067FE2893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E676744-C623-4894-8764-43588E56D2FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "669735D1-1C14-4CD7-AA7C-AD2CA63A1979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C568FD-54BC-4506-AF60-BFE7CE14D0F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F71F24-D909-49D9-8B4F-FA757FDF1C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "034D1C36-B73E-443E-A6B4-44CC6E7BC043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D373245-8384-45E4-BE2E-E0518BD7F84F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED44413-D313-4588-9A4B-25F79D0925A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C193EB08-BBC2-43A2-B11A-9C7E2098862D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "022A5BCE-A1DC-48E2-829D-AD9261562095",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "155F83A1-A04A-48C0-A801-B38F129F310F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "302DC06D-5FB1-4EF9-B5E1-6407B88D65FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "27A15D05-29BA-4CCC-9348-A516E1E2C079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "2004B474-9869-445D-957D-20EF254FB461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F91A5E0-0DD8-47DD-B52E-A15E8064945F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C34BE8D-6DFF-4E57-971C-8CCEF13E6500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CDBC5BA-6A3C-4DB9-BE16-83A4EB85100C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1B4950-4D56-47A2-BCE8-FB3714EA1B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "3194C6CE-3E8A-4861-AED1-942824974AE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D102460-B5D5-46C4-8021-7C3510A5FCF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92265E60-7BBF-4E8E-A438-4132D8FD57BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "346DE008-472F-47E1-8B96-F968C7D0A003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9BDB22-29E0-48A3-8765-FAC6A3442A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5EB3A7-DE33-42CB-9B5E-646B9D4FFBFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63AB9E5-FD99-40A8-B24F-623BDDBCA427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CEA6C3E-C41B-4EF9-84E1-72BC6B72D1C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B873C1-E7D6-4E55-A5A7-85000B686071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "87D2E8DD-4225-476A-AF17-7621C9A28391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "40D913E2-0FBD-4F6C-8A21-43A0681237BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B869CEB-7637-48C3-8A4C-171CFB766B97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "75CF5BC1-7071-48A3-86A9-C843485CAED5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EB23250-EBD2-4A5F-BF5E-1DAE1A64EF0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "200DB058-C9F0-4983-AF99-EBB8FC2E7875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "57697AAD-5264-4C05-89E4-0228DEF2E9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "24295270-DCBF-4FF3-88F7-E9A30B6388E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E754F2-5D3D-437E-BB15-693D2EB58DA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF4232D2-1F70-4A06-BD11-A0DFE6CE0744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3256F8C-2CA8-43B5-96E5-794113FF531B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "593F15F7-E610-458B-B094-BF6AC53B719A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5C25F7-0A02-4974-8144-839955C373C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC0E7811-3B60-46E7-943C-E0E7ED00FB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A57A3347-6C48-4803-AB4E-A4BC0E6BFA41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "50D26799-D038-470A-A468-58DBDB64A7E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3769BD6-B104-4F74-B8C4-89398A8894FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9757DD5E-42A6-44B8-9692-49690F60C8D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7B5A014-D4EE-4244-AABA-0873492F7295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD9F8C2A-A94E-4D99-839B-47AAE8754191",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D29A9E-DB23-4D86-B4A3-3C4F663416AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D86AEE89-9F8E-43A5-A888-F421B10DB2C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D335628F-EC07-43BE-9B29-3365A6F64D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4EF7D71-3AAF-4112-831A-3538C5B82594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "89835508-F72F-4D8A-8E4A-5CFAA5F90C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A64E1B-2E80-4A95-AA46-3CF66268EB9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A83933C-D270-4B9A-8D18-AC7302A5B86F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8645A28-11C4-4217-88FA-14122E740AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C07A431-98B5-4D52-B7DA-0A6FBF956D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBF63977-9D8E-4550-8A2E-187F435C059B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "892FF423-1848-4E69-8C4C-E1972B656196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ACF37C7-8752-4A8F-B7E3-2E813C4A0DF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74200C33-9505-48EB-964D-6CA28C7F6DB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FBAFE7-986D-4B24-8122-FDCC380331C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "32B6148E-3E5F-4DCB-BD8E-45B3D56CB18C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Subversion\u0027s mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo mod_dontdothat y los clientes HTTP en su versi\u00f3n 1.4.0 hasta la 1.8.16 y 1.9.0 hasta la 1.9.4 de Apache Subversion son vulnerables a un ataque de denegaci\u00f3n de servicio (DoS) provocado por la expansi\u00f3n exponencial de la entidad XML. El ataque puede provocar que el proceso objetivo consuma una cantidad excesiva de recursos de la CPU o memoria."
    }
  ],
  "id": "CVE-2016-8734",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-16T13:29:00.220",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3932"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94588"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037361"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/7798f5cda1b2a3c70db4be77694b12dec8fcc1a441b00009d44f0e09%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://subversion.apache.org/security/CVE-2016-8734-advisory.txt"
    },
    {
      "source": "security@apache.org",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/7798f5cda1b2a3c70db4be77694b12dec8fcc1a441b00009d44f0e09%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://subversion.apache.org/security/CVE-2016-8734-advisory.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2016-11813

Vulnerability from cnvd - Published: 2016-12-02

Title

Apache Subversion拒绝服务漏洞

Description

Apache Subversion是美国阿帕奇（Apache）软件基金会的一套开源的版本控制系统，该系统可兼容并发版本系统(CVS)。 Apache Subversion中存在拒绝服务漏洞。攻击者可利用该漏洞造成拒绝服务。

Severity

中

Patch Name

Apache Subversion拒绝服务漏洞的补丁

Patch Description

Apache Subversion是美国阿帕奇（Apache）软件基金会的一套开源的版本控制系统，该系统可兼容并发版本系统(CVS)。 Apache Subversion中存在拒绝服务漏洞。攻击者可利用该漏洞造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： http://subversion.apache.org/

Reference

http://www.securityfocus.com/bid/94588

Impacted products

Name
Apache Subversion

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94588"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8734"
    }
  },
  "description": "Apache Subversion\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5f00\u6e90\u7684\u7248\u672c\u63a7\u5236\u7cfb\u7edf\uff0c\u8be5\u7cfb\u7edf\u53ef\u517c\u5bb9\u5e76\u53d1\u7248\u672c\u7cfb\u7edf(CVS)\u3002\r\n\r\nApache Subversion\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Florian Weimer (Red Hat).",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://subversion.apache.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11813",
  "openTime": "2016-12-02",
  "patchDescription": "Apache Subversion\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5f00\u6e90\u7684\u7248\u672c\u63a7\u5236\u7cfb\u7edf\uff0c\u8be5\u7cfb\u7edf\u53ef\u517c\u5bb9\u5e76\u53d1\u7248\u672c\u7cfb\u7edf(CVS)\u3002\r\n\r\nApache Subversion\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Subversion\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Subversion"
  },
  "referenceLink": "http://www.securityfocus.com/bid/94588",
  "serverity": "\u4e2d",
  "submitTime": "2016-12-01",
  "title": "Apache Subversion\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-8734 (GCVE-0-2016-8734)

GSD-2016-8734

GHSA-X5MC-4P5H-GRH2

FKIE_CVE-2016-8734

CNVD-2016-11813

Tags

Sightings

Nomenclature