vulnerability

Ubuntu: (Multiple Advisories) (CVE-2016-8734): Subversion vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:N/A:P)	Nov 29, 2016	Aug 11, 2017	May 5, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:P)

Published

Nov 29, 2016

Added

Aug 11, 2017

Modified

May 5, 2025

Description

Joern Schneeweisz discovered that Subversion did not properly handle
host names in 'svn+ssh://' URLs. A remote attacker could use this
to construct a subversion repository that when accessed could run
arbitrary code with the privileges of the user. (CVE-2017-9800)

Daniel Shahaf and James McCoy discovered that Subversion did not
properly verify realms when using Cyrus SASL authentication. A
remote attacker could use this to possibly bypass intended access
restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2016-2167)

Florian Weimer discovered that Subversion clients did not properly
restrict XML entity expansion when accessing http(s):// URLs. A remote
attacker could use this to cause a denial of service. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8734)

Solution(s)

ubuntu-upgrade-libapache2-mod-svnubuntu-upgrade-libapache2-svnubuntu-upgrade-libsvn1ubuntu-upgrade-subversion

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today