ID CVE-2007-2448
Summary Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.
References
Vulnerable Configurations
  • cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 06-11-2012 - 03:38)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:H/Au:S/C:P/I:N/A:N
redhat via4
advisories
bugzilla
id 521900
title Fix instances of #!/usr/bin/env python in subversion
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment mod_dav_svn is earlier than 0:1.6.11-7.el5
        oval oval:com.redhat.rhea:tst:20110039008
      • comment mod_dav_svn is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhea:tst:20110039009
    • AND
      • comment subversion is earlier than 0:1.6.11-7.el5
        oval oval:com.redhat.rhea:tst:20110039002
      • comment subversion is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhea:tst:20110039003
    • AND
      • comment subversion-devel is earlier than 0:1.6.11-7.el5
        oval oval:com.redhat.rhea:tst:20110039006
      • comment subversion-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhea:tst:20110039007
    • AND
      • comment subversion-javahl is earlier than 0:1.6.11-7.el5
        oval oval:com.redhat.rhea:tst:20110039004
      • comment subversion-javahl is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhea:tst:20110039005
    • AND
      • comment subversion-perl is earlier than 0:1.6.11-7.el5
        oval oval:com.redhat.rhea:tst:20110039012
      • comment subversion-perl is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhea:tst:20110039013
    • AND
      • comment subversion-ruby is earlier than 0:1.6.11-7.el5
        oval oval:com.redhat.rhea:tst:20110039010
      • comment subversion-ruby is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhea:tst:20110039011
rhsa
released 2011-01-12
severity None
title RHEA-2011:0039: subversion enhancement update (None)
rpms
  • mod_dav_svn-0:1.6.11-7.el5
  • subversion-0:1.6.11-7.el5
  • subversion-devel-0:1.6.11-7.el5
  • subversion-javahl-0:1.6.11-7.el5
  • subversion-perl-0:1.6.11-7.el5
  • subversion-ruby-0:1.6.11-7.el5
refmap via4
bid 24463
confirm
osvdb 36070
sectrack 1018237
secunia 43139
ubuntu USN-1053-1
vupen
  • ADV-2007-2230
  • ADV-2011-0264
statements via4
contributor Mark J Cox
lastmodified 2007-06-26
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-2448 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Last major update 06-11-2012 - 03:38
Published 14-06-2007 - 23:30
Back to Top