FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s)

Affected packages
subversion18 < 1.8.17
subversion < 1.9.5

Details

VuXML ID ac256985-b6a9-11e6-a3bf-206a8a720317
Discovery 2016-11-29
Entry 2016-11-29

The Apache Software Foundation reports:

The mod_dontdothat module of subversion and subversion clients using http(s):// are vulnerable to a denial-of-service attack, caused by exponential XML entity expansion. The attack targets XML parsers, causing the targeted process to consume excessive amounts of resources. The attack is also known as the "billions of laughs attack."

References

CVE Name CVE-2016-8734
URL http://subversion.apache.org/security/CVE-2016-8734-advisory.txt