ID

VAR-201707-0048


CVE

CVE-2016-6312


TITLE

Denial-of-service (DoS) vulnerability in the mod_dav_svn Apache module of Subversion as packaged in Red Hat Enterprise Linux

Trust: 0.8

sources: JVNDB: JVNDB-2016-008738

DESCRIPTION

The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the WebDAV repository to cause a denial of service (memory consumption and httpd crash). NOTE: this issue exists as a regression of CVE-2009-1955. Apache APR-util and httpd are prone to a denial-of-service vulnerability. Successful exploits may allow the attacker to cause the application to consume memory resources, resulting in denial-of-service conditions.

Trust: 1.89

sources: NVD: CVE-2016-6312 // JVNDB: JVNDB-2016-008738 // BID: 92320

AFFECTED PRODUCTS

vendor: redhat, model: enterprise linux, scope: eq, version: 5.11

Trust: 1.6

vendor: red hat, model: enterprise linux, scope: eq, version: 5.11

Trust: 0.8

vendor: redhat, model: enterprise linux, scope: eq, version: 5

Trust: 0.3

vendor: apache, model: httpd, scope: eq, version: 0

Trust: 0.3

vendor: apache, model: apr-util, scope: eq, version: 0

Trust: 0.3

sources: BID: 92320 // JVNDB: JVNDB-2016-008738 // CNNVD: CNNVD-201608-233 // NVD: CVE-2016-6312

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-6312
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6312
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201608-233
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2016-6312
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

nvd@nist.gov: CVE-2016-6312
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2016-008738 // CNNVD: CNNVD-201608-233 // NVD: CVE-2016-6312

PROBLEMTYPE DATA

problemtype: CWE-400

Trust: 1.8

sources: JVNDB: JVNDB-2016-008738 // NVD: CVE-2016-6312

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-233

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201608-233

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008738

PATCH

title: Bug 1364122, url: https://bugzilla.redhat.com/show_bug.cgi?id=1364122

Trust: 0.8

title: Red Hat Enterprise Linux Remediation of resource management error vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=231588

Trust: 0.6

sources: JVNDB: JVNDB-2016-008738 // CNNVD: CNNVD-201608-233

EXTERNAL IDS

db: NVD, id: CVE-2016-6312

Trust: 2.7

db: BID, id: 92320

Trust: 1.9

db: JVNDB, id: JVNDB-2016-008738

Trust: 0.8

db: CNNVD, id: CNNVD-201608-233

Trust: 0.6

sources: BID: 92320 // JVNDB: JVNDB-2016-008738 // CNNVD: CNNVD-201608-233 // NVD: CVE-2016-6312

REFERENCES

url: https://bugzilla.redhat.com/show_bug.cgi?id=1364122

Trust: 1.9

url: http://www.securityfocus.com/bid/92320

Trust: 1.6

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6312

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-6312

Trust: 0.8

url: http://httpd.apache.org/

Trust: 0.3

sources: BID: 92320 // JVNDB: JVNDB-2016-008738 // CNNVD: CNNVD-201608-233 // NVD: CVE-2016-6312

CREDITS

Red Hat

Trust: 0.9

sources: BID: 92320 // CNNVD: CNNVD-201608-233

SOURCES

db: BID, id: 92320
db: JVNDB, id: JVNDB-2016-008738
db: CNNVD, id: CNNVD-201608-233
db: NVD, id: CVE-2016-6312

LAST UPDATE DATE

2024-11-23T22:52:25.228000+00:00


SOURCES UPDATE DATE

db: BID, id: 92320, date: 2016-08-04T00:00:00
db: JVNDB, id: JVNDB-2016-008738, date: 2017-08-14T00:00:00
db: CNNVD, id: CNNVD-201608-233, date: 2023-04-03T00:00:00
db: NVD, id: CVE-2016-6312, date: 2024-11-21T02:55:53.003

SOURCES RELEASE DATE

db: BID, id: 92320, date: 2016-08-04T00:00:00
db: JVNDB, id: JVNDB-2016-008738, date: 2017-08-14T00:00:00
db: CNNVD, id: CNNVD-201608-233, date: 2016-08-11T00:00:00
db: NVD, id: CVE-2016-6312, date: 2017-07-17T13:18:06.420