CVE-2016-6312

MEDIUM

Apache mod_dontdothat - DoS

Title source: llm

Description

The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92320

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1364122

Scores

CVSS v3 6.5

EPSS 0.0052

EPSS Percentile 66.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Products (2)

redhat/enterprise_linux

n/a/n/a

Published Jul 17, 2017

Tracked Since Feb 18, 2026