What is CVE-2016-2167?

CVE-2016-2167 is a medium-severity vulnerability in Apache Subversion, classified under Improper Access Control. CVSS score: 6.8/10. Published 2016-05-05.

How severe is CVE-2016-2167?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Vulnerability in Apache Subversion

CVE-2016-2167

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions…

EPSS: 0.010 (77.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Apache Subversion — versions 1.9.0, 1.9.1, 1.9.2
N/a — versions n/a

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

FEDORA-2016-20cc04ac50 (x_refsource_FEDORA, vendor-advisory)
89417 (vdb-entry, x_refsource_BID)
[subversion-announce] 20160428 [ANNOUNCE][SECURITY] Apache Subversion 1.8.16 released (mailing-list, x_refsource_MLIST)
SSA:2016-121-01 (vendor-advisory, x_refsource_SLACKWARE)
openSUSE-SU-2016:1264 (vendor-advisory, x_refsource_SUSE)
[subversion-announce] 20160428 [ANNOUNCE][SECURITY] Apache Subversion 1.9.4 released (mailing-list, x_refsource_MLIST)
openSUSE-SU-2016:1263 (vendor-advisory, x_refsource_SUSE)
DSA-3561 (vendor-advisory, x_refsource_DEBIAN)
1035706 (vdb-entry, x_refsource_SECTRACK)
GLSA-201610-05 (vendor-advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2016-2167?: CVE-2016-2167 is a medium-severity vulnerability in Apache Subversion, classified under Improper Access Control. CVSS score: 6.8/10. Published 2016-05-05.
How severe is CVE-2016-2167?: Medium severity. CVSS v3 base score is 6.8 out of 10.