CVE-2016-8734

Summary

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Subversion1.4.0 to 1.8.16affected
Apache Software FoundationApache Subversion1.9.0 to 1.9.4affected

Weaknesses

  • Denial of Service

ADP Enrichment

CVE Program Container

Additional References

References