Back to search
CVE-2016-8734
Published: Oct 16, 2017
Modified: Sep 16, 2024
PUBLISHED
Description
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Subversion | affected 1.4.0 to 1.8.16affected 1.9.0 to 1.9.4 |
References
94588
vdb-entry
x_refsource_BID
[announce] 20161129 [SECURITY] Apache Subversion 1.9.5 released
mailing-list
x_refsource_MLIST
1037361
vdb-entry
x_refsource_SECTRACK
DSA-3932
vendor-advisory
x_refsource_DEBIAN
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
https://subversion.apache.org/security/CVE-2016-8734-advisory.txt
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now