CVE-2017-9800
Vulnerability from cvelistv5
Published
2017-08-11 21:00
Modified
2024-09-16 23:36
Severity ?
Summary
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.
References
security@apache.orghttp://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html
security@apache.orghttp://www.debian.org/security/2017/dsa-3932
security@apache.orghttp://www.securityfocus.com/archive/1/540999/100/0/threaded
security@apache.orghttp://www.securityfocus.com/bid/100259Third Party Advisory, VDB Entry
security@apache.orghttp://www.securitytracker.com/id/1039127Third Party Advisory, VDB Entry
security@apache.orghttps://access.redhat.com/errata/RHSA-2017:2480
security@apache.orghttps://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html
security@apache.orghttps://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E
security@apache.orghttps://security.gentoo.org/glsa/201709-09
security@apache.orghttps://subversion.apache.org/security/CVE-2017-9800-advisory.txtVendor Advisory
security@apache.orghttps://support.apple.com/HT208103
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2020.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3932
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/540999/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/100259Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039127Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2480
af854a3a-2127-422b-91ae-364da2661108https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-09
af854a3a-2127-422b-91ae-364da2661108https://subversion.apache.org/security/CVE-2017-9800-advisory.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT208103
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.html
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:18:01.929Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[announce] 20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "100259",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100259"
          },
          {
            "name": "20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540999/100/0/threaded"
          },
          {
            "name": "RHSA-2017:2480",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2480"
          },
          {
            "name": "1039127",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039127"
          },
          {
            "name": "GLSA-201709-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-09"
          },
          {
            "name": "DSA-3932",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3932"
          },
          {
            "name": "[subversion-commits] 20190830 svn commit: r1866117 - in /subversion/site/publish/docs/community-guide: how-to-roll-releases-in-private.txt issues.part.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208103"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Subversion",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0 to 1.8.18"
            },
            {
              "status": "affected",
              "version": "1.9.0 to 1.9.6"
            }
          ]
        }
      ],
      "datePublic": "2017-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server\u0027s repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:52",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[announce] 20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "100259",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100259"
        },
        {
          "name": "20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/540999/100/0/threaded"
        },
        {
          "name": "RHSA-2017:2480",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2480"
        },
        {
          "name": "1039127",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039127"
        },
        {
          "name": "GLSA-201709-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-09"
        },
        {
          "name": "DSA-3932",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3932"
        },
        {
          "name": "[subversion-commits] 20190830 svn commit: r1866117 - in /subversion/site/publish/docs/community-guide: how-to-roll-releases-in-private.txt issues.part.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208103"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2017-08-10T00:00:00",
          "ID": "CVE-2017-9800",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Subversion",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0.0 to 1.8.18"
                          },
                          {
                            "version_value": "1.9.0 to 1.9.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server\u0027s repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[announce] 20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63@%3Cannounce.apache.org%3E"
            },
            {
              "name": "100259",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100259"
            },
            {
              "name": "20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/540999/100/0/threaded"
            },
            {
              "name": "RHSA-2017:2480",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2480"
            },
            {
              "name": "1039127",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039127"
            },
            {
              "name": "GLSA-201709-09",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-09"
            },
            {
              "name": "DSA-3932",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3932"
            },
            {
              "name": "[subversion-commits] 20190830 svn commit: r1866117 - in /subversion/site/publish/docs/community-guide: how-to-roll-releases-in-private.txt issues.part.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76@%3Ccommits.subversion.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html",
              "refsource": "CONFIRM",
              "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html"
            },
            {
              "name": "https://support.apple.com/HT208103",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208103"
            },
            {
              "name": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt",
              "refsource": "CONFIRM",
              "url": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt"
            },
            {
              "name": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2017-9800",
    "datePublished": "2017-08-11T21:00:00Z",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-09-16T23:36:59.228Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-9800\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2017-08-11T21:29:00.587\",\"lastModified\":\"2024-11-21T03:36:52.940\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server\u0027s repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.\"},{\"lang\":\"es\",\"value\":\"Una URL creada con fines maliciosos svn+ssh:// podr\u00eda provocar que clientes de Subversion en versiones anteriores a la 1.8.19, en versiones 1.9.x anteriores a la 1.9.7, y en versiones 1.10.0.x a 1.10.0-alpha3 ejecuten un comando shell arbitrario. Tal URL podr\u00eda ser generada por un servidor malicioso, por un usuario malicioso que se confirma en un servidor honesto (para atacar otro usuario de los repositorios de ese servidor), o por un servidor proxy. La vulnerabilidad afecta a todos los clientes, incluyendo aquellos que usan file://, http://, y svn:// plano (sin t\u00fanel).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.8.18\",\"matchCriteriaId\":\"C10F0402-14B0-4870-91A0-53BA3200B2B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"892FF423-1848-4E69-8C4C-E1972B656196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9ACF37C7-8752-4A8F-B7E3-2E813C4A0DF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74200C33-9505-48EB-964D-6CA28C7F6DB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09FBAFE7-986D-4B24-8122-FDCC380331C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32B6148E-3E5F-4DCB-BD8E-45B3D56CB18C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA37FBDF-C9BD-4D8F-B24A-CC35DF7EE7FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E228BEF8-CACB-46DF-816B-ECCB406DFB60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDEDF94B-8B94-43AD-8DA7-580EF40CAD26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.10.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8053093C-E4F4-411B-A4B7-1728E40E7D89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.10.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6997704A-5C87-47B7-BF17-5C0F43642065\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.10.0:alpha3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1E5C581-41D7-4694-A050-5455D6C8BB74\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.debian.org/security/2017/dsa-3932\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/540999/100/0/threaded\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.securityfocus.com/bid/100259\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039127\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2480\",\"source\":\"security@apache.org\"},{\"url\":\"https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.gentoo.org/glsa/201709-09\",\"source\":\"security@apache.org\"},{\"url\":\"https://subversion.apache.org/security/CVE-2017-9800-advisory.txt\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208103\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"security@apache.org\"},{\"url\":\"http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2017/dsa-3932\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/540999/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/100259\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039127\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2480\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201709-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://subversion.apache.org/security/CVE-2017-9800-advisory.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.