vulnerability

Ubuntu: (Multiple Advisories) (CVE-2016-2167): Subversion vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:M/Au:S/C:P/I:P/A:N)	May 5, 2016	Aug 11, 2017	Aug 18, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:P/A:N)

Published

May 5, 2016

Added

Aug 11, 2017

Modified

Aug 18, 2025

Description

Joern Schneeweisz discovered that Subversion did not properly handle
host names in 'svn+ssh://' URLs. A remote attacker could use this
to construct a subversion repository that when accessed could run
arbitrary code with the privileges of the user. (CVE-2017-9800)

Daniel Shahaf and James McCoy discovered that Subversion did not
properly verify realms when using Cyrus SASL authentication. A
remote attacker could use this to possibly bypass intended access
restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2016-2167)

Florian Weimer discovered that Subversion clients did not properly
restrict XML entity expansion when accessing http(s):// URLs. A remote
attacker could use this to cause a denial of service. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8734)

Solutions

ubuntu-upgrade-libapache2-mod-svnubuntu-upgrade-libapache2-svnubuntu-upgrade-libsvn1ubuntu-upgrade-subversion

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today