CVE-2007-2448

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:S/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt
http://www.securityfocus.com/bid/24463	Patch
http://securitytracker.com/id?1018237	Patch
https://issues.rpath.com/browse/RPL-1896
http://www.vupen.com/english/advisories/2011/0264
http://secunia.com/advisories/43139
http://www.ubuntu.com/usn/USN-1053-1
http://www.vupen.com/english/advisories/2007/2230
http://osvdb.org/36070

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*

Information

Published : 2007-06-14 16:30

Updated : 2012-11-05 19:38

NVD link : CVE-2007-2448

Mitre link : CVE-2007-2448

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

subversion

subversion

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt", "name": "http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/24463", "name": "24463", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1018237", "name": "1018237", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "https://issues.rpath.com/browse/RPL-1896", "name": "https://issues.rpath.com/browse/RPL-1896", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2011/0264", "name": "ADV-2011-0264", "tags": [], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/43139", "name": "43139", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.ubuntu.com/usn/USN-1053-1", "name": "USN-1053-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.vupen.com/english/advisories/2007/2230", "name": "ADV-2007-2230", "tags": [], "refsource": "VUPEN"}, {"url": "http://osvdb.org/36070", "name": "36070", "tags": [], "refsource": "OSVDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Subversion 1.4.3 and earlier does not properly implement the \"partial access\" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-2448", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-06-14T23:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.4.3"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2012-11-06T03:38Z"}