nvd-json-data-feeds/CVE-2016/CVE-2016-63xx/CVE-2016-6312.json

{
  "id": "CVE-2016-6312",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2017-07-17T13:18:06.420",
  "lastModified": "2023-02-13T04:50:11.010",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955."
    },
    {
      "lang": "es",
      "value": "El componente mod_dontdothat del m\u00f3dulo de Apache mod_dav_svn en Subversion como empaquetado en Red Hat Enterprise Linux versi\u00f3n 5.11, no detecta apropiadamente la recursi\u00f3n durante la expansi\u00f3n de la entidad, lo que permite a los usuarios autenticados remotos con acceso al repositorio webdav causar una denegaci\u00f3n del servicio (consumo de memoria y bloqueo de httpd) ). NOTA: Existe como una regresi\u00f3n de CVE-2009-1955."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBB01BA5-7103-4FDC-8DBC-15C254C99857"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/92320",
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1364122",
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ]
    }
  ]
}