ID | CVE-2007-2448 |
Summary |
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 2.1 (as of 06-11-2012 - 03:38) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access
Vector | Complexity | Authentication |
NETWORK | HIGH | SINGLE |
|
Impact
Confidentiality | Integrity | Availability |
PARTIAL | NONE | NONE |
|
cvss-vector
via4
|
AV:N/AC:H/Au:S/C:P/I:N/A:N
|
redhat
via4
|
advisories | bugzilla | id | 521900 | title | Fix instances of #!/usr/bin/env python in subversion |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 5 is installed | oval | oval:com.redhat.rhba:tst:20070331005 |
OR | AND | comment | mod_dav_svn is earlier than 0:1.6.11-7.el5 | oval | oval:com.redhat.rhea:tst:20110039001 |
comment | mod_dav_svn is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhea:tst:20110039002 |
|
AND | comment | subversion is earlier than 0:1.6.11-7.el5 | oval | oval:com.redhat.rhea:tst:20110039003 |
comment | subversion is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhea:tst:20110039004 |
|
AND | comment | subversion-devel is earlier than 0:1.6.11-7.el5 | oval | oval:com.redhat.rhea:tst:20110039005 |
comment | subversion-devel is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhea:tst:20110039006 |
|
AND | comment | subversion-javahl is earlier than 0:1.6.11-7.el5 | oval | oval:com.redhat.rhea:tst:20110039007 |
comment | subversion-javahl is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhea:tst:20110039008 |
|
AND | comment | subversion-perl is earlier than 0:1.6.11-7.el5 | oval | oval:com.redhat.rhea:tst:20110039009 |
comment | subversion-perl is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhea:tst:20110039010 |
|
AND | comment | subversion-ruby is earlier than 0:1.6.11-7.el5 | oval | oval:com.redhat.rhea:tst:20110039011 |
comment | subversion-ruby is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhea:tst:20110039012 |
|
| rhsa | id | RHEA-2011:0039 | released | 2011-01-13 | severity | Low | title | RHEA-2011:0039: subversion enhancement update (Low) |
|
| rpms | - mod_dav_svn-0:1.6.11-7.el5
- subversion-0:1.6.11-7.el5
- subversion-debuginfo-0:1.6.11-7.el5
- subversion-devel-0:1.6.11-7.el5
- subversion-javahl-0:1.6.11-7.el5
- subversion-perl-0:1.6.11-7.el5
- subversion-ruby-0:1.6.11-7.el5
|
|
refmap
via4
|
bid | 24463 | confirm | | osvdb | 36070 | sectrack | 1018237 | secunia | 43139 | ubuntu | USN-1053-1 | vupen | - ADV-2007-2230
- ADV-2011-0264
|
|
statements
via4
|
contributor | Mark J Cox | lastmodified | 2007-06-26 | organization | Red Hat | statement | Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-2448
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. |
|
Last major update |
06-11-2012 - 03:38 |
Published |
14-06-2007 - 23:30 |
Last modified |
06-11-2012 - 03:38 |