CVE-2009-0240

Published: 21/01/2009 Updated: 08/08/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Summary

listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.

Vulnerable Product

tigris websvn 2.0

Vendor Advisories

Debian Bug report logs - #512191
websvn: WebSVN exposes protected files to users with insufficient permissions
Package: websvn; Maintainer for websvn is Pierre Chifflier <pollux@debian.org>; Source for websvn is src:websvn
Reported by: Bas van Schaik <bas@tuxes.nl>
Date: Sun, 18 Jan 2009 12:21:0 ...

Bas van Schaik discovered that WebSVN, a tool to view Subversion repositories over the web, did not properly restrict access to private repositories, allowing a remote attacker to read significant parts of their content. The old stable distribution (etch) is not affected by this problem. For the stable distribution (lenny), this problem has been fi ...