CVEs-PoC/2016/CVE-2016-8734.md

### [CVE-2016-8734](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8734)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Subversion&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.4.0%20to%201.8.16%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=1.9.0%20to%201.9.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service&color=brightgreen)

### Description

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.

### POC

#### Reference
- https://www.oracle.com/security-alerts/cpuoct2020.html

#### Github
- https://github.com/RedHatProductSecurity/rhsecapi
- https://github.com/auditt7708/rhsecapi