CVSS Base Vector:
The remote host is missing an update for the Huawei EulerOS
'subversion' Linux Distribution Package(s) announced via the EulerOS-SA-2019-2504 advisory.
Checks if a vulnerable Linux Distribution Package version is present on the target host.
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.(CVE-2016-8734)
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.(CVE-2015-5343)
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.(CVE-2016-2167)
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.(CVE-2016-2168)
'subversion' Linux Distribution Package(s) on Huawei EulerOS V2.0SP2.
Please install the updated Linux Distribution Package(s).
NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)
Linux Distribution Package