FreeBSD : subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversionclients using http(s) (ac256985-b6a9-11e6-a3bf-206a8a720317)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

The Apache Software Foundation reports :

The mod_dontdothat module of subversion and subversion clients using
http(s):// are vulnerable to a denial-of-service attack, caused by
exponential XML entity expansion. The attack targets XML parsers
causing targeted process to consume excessive amounts of resources.
The attack is also known as the 'billions of laughs attack.'

See also :

Solution :

Update the affected packages.

Risk factor :


Family: FreeBSD Local Security Checks

Nessus Plugin ID: 95409 ()

Bugtraq ID:

CVE ID: CVE-2016-8734

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now