CVE-2016-6312 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-6312 Interim 1 20 2025-10-05T02:41:04Z current 2021-05-30T13:44:40Z 2025-10-05T02:41:04Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-6312 The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP3 LTSS SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Studio Onsite 1.3 libapr1 libapr1-32bit libapr1-devel libapr1-devel-32bit libapr1 as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata libapr1 as a component of SUSE Linux Enterprise Server 11 SP2 LTSS libapr1 as a component of SUSE Linux Enterprise Server 11 SP3 LTSS libapr1 as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata libapr1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libapr1-32bit as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libapr1 as a component of SUSE Linux Enterprise Server 12 SP1 libapr1 as a component of SUSE Linux Enterprise Server 12-LTSS libapr1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libapr1-devel as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libapr1-devel-32bit as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libapr1 as a component of SUSE Linux Enterprise Software Development Kit 12 libapr1-devel as a component of SUSE Linux Enterprise Software Development Kit 12 libapr1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 libapr1-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 libapr1-devel as a component of SUSE Studio Onsite 1.3 libapr1 as a component of SUSE Studio Onsite 1.3 The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955. CVE-2016-6312 SUSE Linux Enterprise Server 11 SP1 for Teradata:libapr1 SUSE Linux Enterprise Server 11 SP2 LTSS:libapr1 SUSE Linux Enterprise Server 11 SP3 LTSS:libapr1 SUSE Linux Enterprise Server 11 SP3 for Teradata:libapr1 SUSE Linux Enterprise Server 11 SP4-LTSS:libapr1 SUSE Linux Enterprise Server 11 SP4-LTSS:libapr1-32bit SUSE Linux Enterprise Server 12 SP1:libapr1 SUSE Linux Enterprise Server 12-LTSS:libapr1 SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1 SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel SUSE Linux Enterprise Software Development Kit 11 SP4:libapr1-devel-32bit SUSE Linux Enterprise Software Development Kit 12 SP1:libapr1 SUSE Linux Enterprise Software Development Kit 12 SP1:libapr1-devel SUSE Linux Enterprise Software Development Kit 12:libapr1 SUSE Linux Enterprise Software Development Kit 12:libapr1-devel SUSE Studio Onsite 1.3:libapr1 SUSE Studio Onsite 1.3:libapr1-devel moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H