CVE-2016-8734

Source
https://cve.org/CVERecord?id=CVE-2016-8734
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8734.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-8734
Downstream
Related
Published
2017-10-16T13:29:00.220Z
Modified
2026-07-07T08:49:13.833709189Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.

Database specific
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "1.4.1"
                },
                {
                    "last_affected": "1.4.1"
                },
                {
                    "introduced": "1.6.7"
                },
                {
                    "last_affected": "1.6.7"
                }
            ],
            "vendor_product": "apache:subversion",
            "cpes": [
                "cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "introduced": "8.0"
                },
                {
                    "last_affected": "8.0"
                },
                {
                    "introduced": "9.0"
                },
                {
                    "last_affected": "9.0"
                }
            ],
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "vendor_product": "debian:debian_linux"
        }
    ]
}
References

Affected packages

Git / github.com/apache/subversion

Affected ranges

Type
GIT
Repo
https://github.com/apache/subversion
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "1.4.0"
        },
        {
            "last_affected": "1.4.0"
        },
        {
            "introduced": "1.4.2"
        },
        {
            "last_affected": "1.4.2"
        },
        {
            "introduced": "1.4.3"
        },
        {
            "last_affected": "1.4.3"
        },
        {
            "introduced": "1.4.4"
        },
        {
            "last_affected": "1.4.4"
        },
        {
            "introduced": "1.4.5"
        },
        {
            "last_affected": "1.4.5"
        },
        {
            "introduced": "1.4.6"
        },
        {
            "last_affected": "1.4.6"
        },
        {
            "introduced": "1.5.0"
        },
        {
            "last_affected": "1.5.0"
        },
        {
            "introduced": "1.5.1"
        },
        {
            "last_affected": "1.5.1"
        },
        {
            "introduced": "1.5.2"
        },
        {
            "last_affected": "1.5.2"
        },
        {
            "introduced": "1.5.3"
        },
        {
            "last_affected": "1.5.3"
        },
        {
            "introduced": "1.5.4"
        },
        {
            "last_affected": "1.5.4"
        },
        {
            "introduced": "1.5.5"
        },
        {
            "last_affected": "1.5.5"
        },
        {
            "introduced": "1.5.6"
        },
        {
            "last_affected": "1.5.6"
        },
        {
            "introduced": "1.5.7"
        },
        {
            "last_affected": "1.5.7"
        },
        {
            "introduced": "1.5.8"
        },
        {
            "last_affected": "1.5.8"
        },
        {
            "introduced": "1.6.0"
        },
        {
            "last_affected": "1.6.0"
        },
        {
            "introduced": "1.6.1"
        },
        {
            "last_affected": "1.6.1"
        },
        {
            "introduced": "1.6.2"
        },
        {
            "last_affected": "1.6.2"
        },
        {
            "introduced": "1.6.3"
        },
        {
            "last_affected": "1.6.3"
        },
        {
            "introduced": "1.6.4"
        },
        {
            "last_affected": "1.6.4"
        },
        {
            "introduced": "1.6.5"
        },
        {
            "last_affected": "1.6.5"
        },
        {
            "introduced": "1.6.6"
        },
        {
            "last_affected": "1.6.6"
        },
        {
            "introduced": "1.6.8"
        },
        {
            "last_affected": "1.6.8"
        },
        {
            "introduced": "1.6.9"
        },
        {
            "last_affected": "1.6.9"
        },
        {
            "introduced": "1.6.10"
        },
        {
            "last_affected": "1.6.10"
        },
        {
            "introduced": "1.6.11"
        },
        {
            "last_affected": "1.6.11"
        },
        {
            "introduced": "1.6.12"
        },
        {
            "last_affected": "1.6.12"
        },
        {
            "introduced": "1.6.13"
        },
        {
            "last_affected": "1.6.13"
        },
        {
            "introduced": "1.6.14"
        },
        {
            "last_affected": "1.6.14"
        },
        {
            "introduced": "1.6.15"
        },
        {
            "last_affected": "1.6.15"
        },
        {
            "introduced": "1.6.16"
        },
        {
            "last_affected": "1.6.16"
        },
        {
            "introduced": "1.6.17"
        },
        {
            "last_affected": "1.6.17"
        },
        {
            "introduced": "1.6.18"
        },
        {
            "last_affected": "1.6.18"
        },
        {
            "introduced": "1.6.19"
        },
        {
            "last_affected": "1.6.19"
        },
        {
            "introduced": "1.6.20"
        },
        {
            "last_affected": "1.6.20"
        },
        {
            "introduced": "1.6.21"
        },
        {
            "last_affected": "1.6.21"
        },
        {
            "introduced": "1.6.23"
        },
        {
            "last_affected": "1.6.23"
        },
        {
            "introduced": "1.7.0"
        },
        {
            "last_affected": "1.7.0"
        },
        {
            "introduced": "1.7.1"
        },
        {
            "last_affected": "1.7.1"
        },
        {
            "introduced": "1.7.2"
        },
        {
            "last_affected": "1.7.2"
        },
        {
            "introduced": "1.7.3"
        },
        {
            "last_affected": "1.7.3"
        },
        {
            "introduced": "1.7.4"
        },
        {
            "last_affected": "1.7.4"
        },
        {
            "introduced": "1.7.5"
        },
        {
            "last_affected": "1.7.5"
        },
        {
            "introduced": "1.7.6"
        },
        {
            "last_affected": "1.7.6"
        },
        {
            "introduced": "1.7.7"
        },
        {
            "last_affected": "1.7.7"
        },
        {
            "introduced": "1.7.8"
        },
        {
            "last_affected": "1.7.8"
        },
        {
            "introduced": "1.7.9"
        },
        {
            "last_affected": "1.7.9"
        },
        {
            "introduced": "1.7.10"
        },
        {
            "last_affected": "1.7.10"
        },
        {
            "introduced": "1.7.11"
        },
        {
            "last_affected": "1.7.11"
        },
        {
            "introduced": "1.7.12"
        },
        {
            "last_affected": "1.7.12"
        },
        {
            "introduced": "1.7.13"
        },
        {
            "last_affected": "1.7.13"
        },
        {
            "introduced": "1.7.14"
        },
        {
            "last_affected": "1.7.14"
        },
        {
            "introduced": "1.7.15"
        },
        {
            "last_affected": "1.7.15"
        },
        {
            "introduced": "1.7.16"
        },
        {
            "last_affected": "1.7.16"
        },
        {
            "introduced": "1.7.17"
        },
        {
            "last_affected": "1.7.17"
        },
        {
            "introduced": "1.7.18"
        },
        {
            "last_affected": "1.7.18"
        },
        {
            "introduced": "1.7.19"
        },
        {
            "last_affected": "1.7.19"
        },
        {
            "introduced": "1.7.20"
        },
        {
            "last_affected": "1.7.20"
        },
        {
            "introduced": "1.8.0"
        },
        {
            "last_affected": "1.8.0"
        },
        {
            "introduced": "1.8.1"
        },
        {
            "last_affected": "1.8.1"
        },
        {
            "introduced": "1.8.2"
        },
        {
            "last_affected": "1.8.2"
        },
        {
            "introduced": "1.8.3"
        },
        {
            "last_affected": "1.8.3"
        },
        {
            "introduced": "1.8.4"
        },
        {
            "last_affected": "1.8.4"
        },
        {
            "introduced": "1.8.5"
        },
        {
            "last_affected": "1.8.5"
        },
        {
            "introduced": "1.8.6"
        },
        {
            "last_affected": "1.8.6"
        },
        {
            "introduced": "1.8.7"
        },
        {
            "last_affected": "1.8.7"
        },
        {
            "introduced": "1.8.8"
        },
        {
            "last_affected": "1.8.8"
        },
        {
            "introduced": "1.8.9"
        },
        {
            "last_affected": "1.8.9"
        },
        {
            "introduced": "1.8.10"
        },
        {
            "last_affected": "1.8.10"
        },
        {
            "introduced": "1.8.11"
        },
        {
            "last_affected": "1.8.11"
        },
        {
            "introduced": "1.8.12"
        },
        {
            "last_affected": "1.8.12"
        },
        {
            "introduced": "1.8.13"
        },
        {
            "last_affected": "1.8.13"
        },
        {
            "introduced": "1.8.14"
        },
        {
            "last_affected": "1.8.14"
        },
        {
            "introduced": "1.8.15"
        },
        {
            "last_affected": "1.8.15"
        },
        {
            "introduced": "1.8.16"
        },
        {
            "last_affected": "1.8.16"
        },
        {
            "introduced": "1.9.0"
        },
        {
            "last_affected": "1.9.0"
        },
        {
            "introduced": "1.9.1"
        },
        {
            "last_affected": "1.9.1"
        },
        {
            "introduced": "1.9.2"
        },
        {
            "last_affected": "1.9.2"
        },
        {
            "introduced": "1.9.3"
        },
        {
            "last_affected": "1.9.3"
        },
        {
            "introduced": "1.9.4"
        },
        {
            "last_affected": "1.9.4"
        }
    ],
    "cpe": [
        "cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.7.20:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.11:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.15:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.8.16:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.9.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.9.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.9.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.9.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.9.4:*:*:*:*:*:*:*"
    ],
    "source": "CPE_STRING"
}

Affected versions

1.*
1.4.0
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.6.0
1.6.1
1.6.10
1.6.11
1.6.12
1.6.13
1.6.14
1.6.15
1.6.16
1.6.17
1.6.18
1.6.19
1.6.2
1.6.20
1.6.21
1.6.23
1.6.3
1.6.4
1.6.5
1.6.6
1.6.8
1.6.9
1.7.0
1.7.1
1.7.10
1.7.11
1.7.12
1.7.13
1.7.14
1.7.15
1.7.16
1.7.17
1.7.18
1.7.19
1.7.2
1.7.20
1.7.3
1.7.4
1.7.5
1.7.6
1.7.7
1.7.8
1.7.9
1.8.0
1.8.1
1.8.10
1.8.11
1.8.12
1.8.13
1.8.14
1.8.15
1.8.16
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.8.8
1.8.9
1.9.0
1.9.1
1.9.2
1.9.3
1.9.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8734.json"