FreeBSD : subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s) (ac256985-b6a9-11e6-a3bf-206a8a720317)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Apache Software Foundation reports :

The mod_dontdothat module of subversion and subversion clients using
http(s):// are vulnerable to a denial-of-service attack, caused by
exponential XML entity expansion. The attack targets XML parsers
causing the targeted process to consume excessive amounts of resources.
The attack is also known as the 'billions of laughs attack.'

See also :

http://subversion.apache.org/security/CVE-2016-8734-advisory.txt
http://www.nessus.org/u?ec41288d

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 95409

Bugtraq ID:

CVE ID: CVE-2016-8734
