DEBIAN-CVE-2016-8734

DEBIAN-CVE-2016-8734 PUBLISHED CVSS 6.5 MEDIUM

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.

Risk Scores

CVSS v3.0

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:11	subversion	0, 0, 0
Debian:12	subversion	0, 0, 0
Debian:14	subversion	0, 0, 0
Debian:13	subversion	0, 0, 0

Timeline

Oct 16, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-8734 advisory

Open in Interactive Console →