Apache Subversion 1.8.x < 1.8.16 / 1.9.x < 1.9.4 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 9395
SynopsisThe remote host is running a version of Apache Subversion (SVN) that is affected by a multiple vulnerabilities.
DescriptionThe version of Apache Subversion installed on the remote host is version 1.8.x prior to 1.8.16 or 1.9.x prior to 1.9.4. It is, therefore, affected by the following vulnerabilities :
- A flaw exists within 'svnserve/sasl' that is triggered when handling a realm string which is a prefix of the expected realm string, which can cause an authenticated remote attacker to incorrectly authenticate into the wrong realm. This may allow the attacker to gain access to areas they would otherwise be restricted from. (CVE-2016-2167)
- A flaw exists within 'mod_authz_svn' that is triggered as authorization checks are not properly performed on 'COPY' and 'MOVE' actions. This may allow a remote attacker to use a specially crafted header to crash the server. (CVE-2016-2168)
- A 'NULL pointer' dereference flaw exists within the 'mod_authz_svn' module that is triggered when handling invalid headers for COPY and MOVE requests. This may allow a remote attacker to cause a Subversion server to crash. (CVE-2016-2168)
SolutionUpgrade to Apache Subversion 1.9.4 or later. If 1.9.4 cannot be obtained, 1.8.16 is also patched for these vulnerabilities.