{"id":"CVE-2016-8734","details":"Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.","modified":"2026-04-16T06:15:49.758004175Z","published":"2017-10-16T13:29:00.220Z","related":["SUSE-SU-2017:2163-1","SUSE-SU-2017:2200-1","openSUSE-SU-2024:10538-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/7798f5cda1b2a3c70db4be77694b12dec8fcc1a441b00009d44f0e09%40%3Cannounce.apache.org%3E"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1037361"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3932"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94588"},{"type":"REPORT","url":"https://subversion.apache.org/security/CVE-2016-8734-advisory.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/subversion","events":[{"introduced":"0"},{"last_affected":"3dd825ec65165222c2347104d174b69b7ba2b0c9"},{"introduced":"0"},{"last_affected":"fb1a48ea90df410f16f6c6ffe47fc0d5b1f782cc"},{"introduced":"0"},{"last_affected":"6808637504c0078473113e13f8f50c15b577d0d2"},{"introduced":"0"},{"last_affected":"82240dd68da26ea86821dbb4e0f370099f77b3d1"},{"introduced":"0"},{"last_affected":"b6f6139e28393f76ce24949071ea49389c3f097c"},{"introduced":"0"},{"last_affected":"60f2a5a23627cfffc2ca861f25319065f0437cee"},{"introduced":"0"},{"last_affected":"681d68ef6a6fd67a6f31e6d90e83e65e6a29c0ae"},{"introduced":"0"},{"last_affected":"efeb54930ea525412643809a05473a075c04521c"},{"introduced":"0"},{"last_affected":"3ecc188f6b06a9349768f5594eec7c4fa9bb92f1"},{"introduced":"0"},{"last_affected":"48e6cf3eafddbd5f318c4c5d6023c8b5371ac532"},{"introduced":"0"},{"last_affected":"037cdbc70830a2978e43f651ca704b10ec9d3a05"},{"introduced":"0"},{"last_affected":"325d5a072757c45aab0ccf802190e8ecccd0dd1e"},{"introduced":"0"},{"last_affected":"d52e4d8128461942ce4d495fbf5c4ef020bb2e2a"},{"introduced":"0"},{"last_affected":"5630bac78658acd256bd64506e8f69045ba78003"},{"introduced":"0"},{"last_affected":"5d9f0e6726e28e5cf43e857033cc6658fb1d0bb5"},{"introduced":"0"},{"last_affected":"f1dccf04a58fef0de466918a583067ceaccf9a3b"},{"introduced":"0"},{"last_affected":"d76021d164fc3a617120ebd81f6ae5e43ad8a0c4"},{"introduced":"0"},{"last_affected":"7842912504294e6241ff0fdb7971e91224d4dfdb"},{"introduced":"0"},{"last_affected":"8a154b5fb76ffacf4170ddded153f49348d3df12"},{"introduced":"0"},{"last_affected":"bfcfce5f8efc0244011cf51c1ad7359021068b60"},{"introduced":"0"},{"last_affected":"75f6673eb83f0820569fe8c4c1a4eddeb847a2f4"},{"introduced":"0"},{"last_affected":"ecd3ad3f00605c7a271d57a176061bb006a06ecd"},{"introduced":"0"},{"last_affected":"2b7574250bb2dab00cf0fa840e38807c2e95e177"},{"introduced":"0"},{"last_affected":"eff6041bbd2da842ad7c510f3f269921add2d435"},{"introduced":"0"},{"last_affected":"e096a5e22aa3a8bca30e2a4c6fa4b4a5bfd1f38f"},{"introduced":"0"},{"last_affected":"766e99ae0460ce797d263ad63100e275736428ff"},{"introduced":"0"},{"last_affected":"c038871c2a6b281f30d893949dc0d1705c3876a6"},{"introduced":"0"},{"last_affected":"862040e936a1aa9eb23214cbba3cf32ece30ce6b"},{"introduced":"0"},{"last_affected":"c2c48e71cb85fb85c1146ac66be6a20d5f772459"},{"introduced":"0"},{"last_affected":"2c9ec8ef409389cdaa605a1faaa61a41907badb0"},{"introduced":"0"},{"last_affected":"330041fe2b6c49b7dd5e2defd6193b6bc263c325"},{"introduced":"0"},{"last_affected":"b3677ed3b5adca7f4e679884ec154cce5c73a48c"},{"introduced":"0"},{"last_affected":"7025076179c1227204d6cf090128e16a80b7367e"},{"introduced":"0"},{"last_affected":"d790585b8e2667f86b1d2a306a6fd3172aed1b2b"},{"introduced":"0"},{"last_affected":"461ae9d97a387551b152a39a8c026e9743452f3d"},{"introduced":"0"},{"last_affected":"28a7ba4756f227cf24be56a6ecdff9bbefd489df"},{"introduced":"0"},{"last_affected":"7f64f8a2a65527ee358fb2ccc7a6eb9afeecc48c"},{"introduced":"0"},{"last_affected":"3b96e0b7c8a3225be56b6a987f83a12524f88754"},{"introduced":"0"},{"last_affected":"08a4688bda9204c93c638be81101c8dd20d275e0"},{"introduced":"0"},{"last_affected":"a17f1a75f43e99e99bd0c42ab51c9ad7801a8863"},{"introduced":"0"},{"last_affected":"ee06e5a53995fbea8b44030eb0cac8b944269d66"},{"introduced":"0"},{"last_affected":"dc0c17ccf32a0e33ab857bb29359a78f253fd8f4"},{"introduced":"0"},{"last_affected":"a3d58ef8e16565cfbb28f5ac7f567bd0034cfa96"},{"introduced":"0"},{"last_affected":"12d9bb7e55eaef253e94ff41e9cdcb8f0280ae4d"},{"introduced":"0"},{"last_affected":"abb5942b351e18952486f778e07c359514519dab"},{"introduced":"0"},{"last_affected":"7afc8760cd51ab4e8038f13f742d291c04421b32"},{"introduced":"0"},{"last_affected":"6dc74f99b8037019274c6c95f1165640fceb076d"},{"introduced":"0"},{"last_affected":"fc59b48000a772c634e9316f85649a1982ce37ef"},{"introduced":"0"},{"last_affected":"50f98394c60fc723984c625c7b7bf59eb002778a"},{"introduced":"0"},{"last_affected":"5991d4f8e73f1cf7abf47db68279877f2874a552"},{"introduced":"0"},{"last_affected":"3377d6f8941ff55b1fdeaa0e8862b03902a8f9d7"},{"introduced":"0"},{"last_affected":"37fc8aa1484784480ac71ab85ed8a79529487e0f"},{"introduced":"0"},{"last_affected":"17d7735f656588e79641897aebd990d028b92cea"},{"introduced":"0"},{"last_affected":"7665a987cb74e217474f21ec063dbf24c69b3624"},{"introduced":"0"},{"last_affected":"bd6c215f0b0c95a57cda7098adac1cc60f379578"},{"introduced":"0"},{"last_affected":"0f1c5a0b48ff010953bbb9cb8ff05e79427c0396"},{"introduced":"0"},{"last_affected":"69a337f1474944529566bc32581770f17cc0af0c"},{"introduced":"0"},{"last_affected":"2b4c2e8507385d92549fab3bda844a96cb6a6ba4"},{"introduced":"0"},{"last_affected":"2a1da160aefefbb8f6c7a401348de9c5e909838c"},{"introduced":"0"},{"last_affected":"6ac0bbcfd6f3ea8d90fde706a7c9cfeb29d7c349"},{"introduced":"0"},{"last_affected":"4c63e7cdc7aeea8e3e38551c0665af7a495c2952"},{"introduced":"0"},{"last_affected":"8190064c7276405e2d6d822e8553b514058d180e"},{"introduced":"0"},{"last_affected":"2421fae8f18f6e50e351c2b6c5bdb0618511db35"},{"introduced":"0"},{"last_affected":"ac3365e6673cb1a95902a4a84a9a3318add52fab"},{"introduced":"0"},{"last_affected":"ec2d4883a917c6108d43b992f431b33ab3a67536"},{"introduced":"0"},{"last_affected":"7f3ce689da1650b081a95ff0c1da1918f8564d10"},{"introduced":"0"},{"last_affected":"ba6f0f6e07a946a762ef4e065c131488425e6d8b"},{"introduced":"0"},{"last_affected":"1fceb5d76f0bb17c0b54c2f04813f5aa9da44b3b"},{"introduced":"0"},{"last_affected":"13ba6f378327b181245755b79f5ab588ab60a884"},{"introduced":"0"},{"last_affected":"ca672a52b1eab7e53f7c14aab8f90557d30317c0"},{"introduced":"0"},{"last_affected":"85cdf5358d526ad1b39632d1810bcef96e578554"},{"introduced":"0"},{"last_affected":"7e3c0e7e2396df845a8eb85d6620cfba0892f71b"},{"introduced":"0"},{"last_affected":"f56cb3f5443be1cdc84201b8bcea476e6388fdfe"},{"introduced":"0"},{"last_affected":"3dec6a0529685631fa7a4975a59424f815f121cb"},{"introduced":"0"},{"last_affected":"874751937dace02c3389aafbb722c23f646e3f9f"},{"introduced":"0"},{"last_affected":"d5c449a05c043ec247cb68cb2bbb891779eb8566"},{"introduced":"0"},{"last_affected":"6a714a24a489050364efe1db2bc9ec894bbce349"},{"introduced":"0"},{"last_affected":"3f582fc98d82c0f76f7b9e695c53942f99560d11"},{"introduced":"0"},{"last_affected":"e03e7ac2e5341db1dc6646ecbd5893fc72f7d5cd"},{"introduced":"0"},{"last_affected":"42bf8e6f315a69eb1f9a0b293858a6d4642cc1dd"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.0"},{"introduced":"0"},{"last_affected":"1.4.2"},{"introduced":"0"},{"last_affected":"1.4.3"},{"introduced":"0"},{"last_affected":"1.4.4"},{"introduced":"0"},{"last_affected":"1.4.5"},{"introduced":"0"},{"last_affected":"1.4.6"},{"introduced":"0"},{"last_affected":"1.5.0"},{"introduced":"0"},{"last_affected":"1.5.1"},{"introduced":"0"},{"last_affected":"1.5.2"},{"introduced":"0"},{"last_affected":"1.5.3"},{"introduced":"0"},{"last_affected":"1.5.4"},{"introduced":"0"},{"last_affected":"1.5.5"},{"introduced":"0"},{"last_affected":"1.5.6"},{"introduced":"0"},{"last_affected":"1.5.7"},{"introduced":"0"},{"last_affected":"1.5.8"},{"introduced":"0"},{"last_affected":"1.6.0"},{"introduced":"0"},{"last_affected":"1.6.1"},{"introduced":"0"},{"last_affected":"1.6.2"},{"introduced":"0"},{"last_affected":"1.6.3"},{"introduced":"0"},{"last_affected":"1.6.4"},{"introduced":"0"},{"last_affected":"1.6.5"},{"introduced":"0"},{"last_affected":"1.6.6"},{"introduced":"0"},{"last_affected":"1.6.8"},{"introduced":"0"},{"last_affected":"1.6.9"},{"introduced":"0"},{"last_affected":"1.6.10"},{"introduced":"0"},{"last_affected":"1.6.11"},{"introduced":"0"},{"last_affected":"1.6.12"},{"introduced":"0"},{"last_affected":"1.6.13"},{"introduced":"0"},{"last_affected":"1.6.14"},{"introduced":"0"},{"last_affected":"1.6.15"},{"introduced":"0"},{"last_affected":"1.6.16"},{"introduced":"0"},{"last_affected":"1.6.17"},{"introduced":"0"},{"last_affected":"1.6.18"},{"introduced":"0"},{"last_affected":"1.6.19"},{"introduced":"0"},{"last_affected":"1.6.20"},{"introduced":"0"},{"last_affected":"1.6.21"},{"introduced":"0"},{"last_affected":"1.6.23"},{"introduced":"0"},{"last_affected":"1.7.0"},{"introduced":"0"},{"last_affected":"1.7.1"},{"introduced":"0"},{"last_affected":"1.7.2"},{"introduced":"0"},{"last_affected":"1.7.3"},{"introduced":"0"},{"last_affected":"1.7.4"},{"introduced":"0"},{"last_affected":"1.7.5"},{"introduced":"0"},{"last_affected":"1.7.6"},{"introduced":"0"},{"last_affected":"1.7.7"},{"introduced":"0"},{"last_affected":"1.7.8"},{"introduced":"0"},{"last_affected":"1.7.9"},{"introduced":"0"},{"last_affected":"1.7.10"},{"introduced":"0"},{"last_affected":"1.7.11"},{"introduced":"0"},{"last_affected":"1.7.12"},{"introduced":"0"},{"last_affected":"1.7.13"},{"introduced":"0"},{"last_affected":"1.7.14"},{"introduced":"0"},{"last_affected":"1.7.15"},{"introduced":"0"},{"last_affected":"1.7.16"},{"introduced":"0"},{"last_affected":"1.7.17"},{"introduced":"0"},{"last_affected":"1.7.18"},{"introduced":"0"},{"last_affected":"1.7.19"},{"introduced":"0"},{"last_affected":"1.7.20"},{"introduced":"0"},{"last_affected":"1.8.0"},{"introduced":"0"},{"last_affected":"1.8.1"},{"introduced":"0"},{"last_affected":"1.8.2"},{"introduced":"0"},{"last_affected":"1.8.3"},{"introduced":"0"},{"last_affected":"1.8.4"},{"introduced":"0"},{"last_affected":"1.8.5"},{"introduced":"0"},{"last_affected":"1.8.6"},{"introduced":"0"},{"last_affected":"1.8.7"},{"introduced":"0"},{"last_affected":"1.8.8"},{"introduced":"0"},{"last_affected":"1.8.9"},{"introduced":"0"},{"last_affected":"1.8.10"},{"introduced":"0"},{"last_affected":"1.8.11"},{"introduced":"0"},{"last_affected":"1.8.12"},{"introduced":"0"},{"last_affected":"1.8.13"},{"introduced":"0"},{"last_affected":"1.8.14"},{"introduced":"0"},{"last_affected":"1.8.15"},{"introduced":"0"},{"last_affected":"1.8.16"},{"introduced":"0"},{"last_affected":"1.9.0"},{"introduced":"0"},{"last_affected":"1.9.1"},{"introduced":"0"},{"last_affected":"1.9.2"},{"introduced":"0"},{"last_affected":"1.9.3"},{"introduced":"0"},{"last_affected":"1.9.4"}]}}],"versions":["1.4.0","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6","1.5.7","1.5.8","1.6.0","1.6.1","1.6.10","1.6.11","1.6.12","1.6.13","1.6.14","1.6.15","1.6.16","1.6.17","1.6.18","1.6.19","1.6.2","1.6.20","1.6.21","1.6.23","1.6.3","1.6.4","1.6.5","1.6.6","1.6.8","1.6.9","1.7.0","1.7.1","1.7.10","1.7.11","1.7.12","1.7.13","1.7.14","1.7.15","1.7.16","1.7.17","1.7.18","1.7.19","1.7.2","1.7.20","1.7.3","1.7.4","1.7.5","1.7.6","1.7.7","1.7.8","1.7.9","1.8.0","1.8.1","1.8.10","1.8.11","1.8.12","1.8.13","1.8.14","1.8.15","1.8.16","1.8.2","1.8.3","1.8.4","1.8.5","1.8.6","1.8.7","1.8.8","1.8.9","1.9.0","1.9.1","1.9.2","1.9.3","1.9.4"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.4.1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8734.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}