CVE-2016-2167
Description
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.
Risk Information
Base Score
6.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
1.202
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Advanced version control system (USN-3388-1) libsvn1_1.8.8-1ubuntu3.3_i386.deb | Linux |
| Advanced version control system (USN-3388-1) libsvn1_1.8.8-1ubuntu3.3_amd64.deb | Linux |
| Advanced version control system (USN-3388-1) libsvn1_1.9.3-2ubuntu1.1_i386.deb | Linux |
| Advanced version control system (USN-3388-1) libsvn1_1.9.3-2ubuntu1.1_amd64.deb | Linux |
| Advanced version control system (USN-3388-1) libsvn1_1.9.5-1ubuntu1.1_i386.deb | Linux |
| Advanced version control system (USN-3388-1) libsvn1_1.9.5-1ubuntu1.1_amd64.deb | Linux |
| Advanced version control system (USN-3388-1) subversion_1.8.8-1ubuntu3.3_i386.deb | Linux |
| Advanced version control system (USN-3388-1) subversion_1.8.8-1ubuntu3.3_amd64.deb | Linux |
| Advanced version control system (USN-3388-1) subversion_1.9.3-2ubuntu1.1_i386.deb | Linux |
| Advanced version control system (USN-3388-1) subversion_1.9.3-2ubuntu1.1_amd64.deb | Linux |
| Advanced version control system (USN-3388-1) subversion_1.9.5-1ubuntu1.1_i386.deb | Linux |
| Advanced version control system (USN-3388-1) subversion_1.9.5-1ubuntu1.1_amd64.deb | Linux |
| Advanced version control system (USN-3388-1) libapache2-svn_1.8.8-1ubuntu3.3_all.deb | Linux |
| Advanced version control system (USN-3388-1) libapache2-svn_1.9.3-2ubuntu1.1_all.deb | Linux |
| Advanced version control system (USN-3388-1) libapache2-mod-svn_1.8.8-1ubuntu3.3_i386.deb | Linux |
| Advanced version control system (USN-3388-1) libapache2-mod-svn_1.8.8-1ubuntu3.3_amd64.deb | Linux |
| Advanced version control system (USN-3388-1) libapache2-mod-svn_1.9.3-2ubuntu1.1_i386.deb | Linux |
| Advanced version control system (USN-3388-1) libapache2-mod-svn_1.9.3-2ubuntu1.1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234