CVE-2007-2448

CVE-2007-2448

EPSS 1.5%

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://osvdb.org/36070 http://secunia.com/advisories/43139 http://securitytracker.com/id?1018237 https://issues.rpath.com/browse/RPL-1896 http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt http://www.securityfocus.com/bid/24463 http://www.ubuntu.com/usn/USN-1053-1 http://www.vupen.com/english/advisories/2007/2230 http://www.vupen.com/english/advisories/2011/0264