Resource Exhaustion

Affecting subversion package, versions <1.9.5-1

Overview

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.
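To show why nested entity declarations make expansion cost exponential, the following added example (not part of the advisory and not Subversion's fix) computes each entity's expanded length by arithmetic, without expanding anything, and rejects input over a budget. The function names, the `max_chars` budget and the sample document are assumptions constructed for illustration; the regex scan is a pre-filter, not a full DTD parser.

```python
import re

# Internal general entity declarations: <!ENTITY name "value">.
# Parameter (<!ENTITY % ...>) and external entities are not handled here.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.:-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.:-]+);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}

def expanded_sizes(xml_text):
    """Map each declared entity to its fully expanded length, by arithmetic only."""
    decls = {}
    for m in ENTITY_DECL.finditer(xml_text):
        decls.setdefault(m.group(1), m.group(3))  # the first declaration is binding
    sizes = {}

    def size(name, active):
        if name in sizes:
            return sizes[name]
        if name in PREDEFINED or name not in decls:
            return 1  # predefined or undeclared: counted as one character
        if name in active:
            raise ValueError("recursive entity reference: " + name)
        value = decls[name]
        literal = len(ENTITY_REF.sub("", value))
        nested = sum(size(r, active | {name}) for r in ENTITY_REF.findall(value))
        sizes[name] = literal + nested
        return sizes[name]

    for name in decls:
        size(name, frozenset())
    return sizes

def within_budget(xml_text, max_chars=1_000_000):
    """False if an entity is recursive or would expand beyond max_chars."""
    try:
        return all(n <= max_chars for n in expanded_sizes(xml_text).values())
    except (ValueError, RecursionError):
        return False

# Constructed sample: each level references the previous one three times,
# so the expanded length triples per level (2, 6, 18, 54).
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE d [
  <!ENTITY e0 "ab">
  <!ENTITY e1 "&e0;&e0;&e0;">
  <!ENTITY e2 "&e1;&e1;&e1;">
  <!ENTITY e3 "&e2;&e2;&e2;">
]>
<d>&e3;</d>"""
```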

CVSS Score

6.5
low severity
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE: CVE-2016-8734
CWE: CWE-400
Snyk ID: SNYK-DEBIAN9-SUBVERSION-344315
Disclosed: 16 Oct, 2017
Published: 16 Oct, 2017