vulnerability

FreeBSD: VID-ac256985-b6a9-11e6-a3bf-206a8a720317 (CVE-2016-8734): subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversionclients using http(s)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:N/A:P)	Nov 29, 2016	Nov 30, 2016	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:P)

Published

Nov 29, 2016

Added

Nov 30, 2016

Modified

Dec 10, 2025

Description

The Apache Software Foundation reports: The mod_dontdothat module of subversion and subversion clients using http(s):// are vulnerable to a denial-of-service attack, caused by exponential XML entity expansion. The attack targets XML parsers causing targeted process to consume excessive amounts of resources. The attack is also known as the "billions of laughs attack."

Solutions

freebsd-upgrade-package-subversion18freebsd-upgrade-package-subversion

References

CVE-2016-8734
https://attackerkb.com/topics/CVE-2016-8734
CWE-400

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today