3.3
CVSSv2

CVE-2013-4277

Published: 16/09/2013 Updated: 19/09/2017
CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4
VMScore: 294
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

Svnserve in Apache Subversion 1.4.0 up to and including 1.7.12 and 1.8.0 up to and including 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

apache subversion 1.4.0

apache subversion 1.4.1

apache subversion 1.4.2

apache subversion 1.4.3

apache subversion 1.4.4

apache subversion 1.4.5

apache subversion 1.4.6

apache subversion 1.5.0

apache subversion 1.5.1

apache subversion 1.5.2

apache subversion 1.5.3

apache subversion 1.5.4

apache subversion 1.5.5

apache subversion 1.5.6

apache subversion 1.5.7

apache subversion 1.5.8

apache subversion 1.6.0

apache subversion 1.6.1

apache subversion 1.6.2

apache subversion 1.6.3

apache subversion 1.6.4

apache subversion 1.6.5

apache subversion 1.6.6

apache subversion 1.6.7

apache subversion 1.6.8

apache subversion 1.6.9

apache subversion 1.6.10

apache subversion 1.6.11

apache subversion 1.6.12

apache subversion 1.6.13

apache subversion 1.6.14

apache subversion 1.6.15

apache subversion 1.6.16

apache subversion 1.6.17

apache subversion 1.6.18

apache subversion 1.6.19

apache subversion 1.6.20

apache subversion 1.6.21

apache subversion 1.6.23

apache subversion 1.7.0

apache subversion 1.7.1

apache subversion 1.7.2

apache subversion 1.7.3

apache subversion 1.7.4

apache subversion 1.7.5

apache subversion 1.7.6

apache subversion 1.7.7

apache subversion 1.7.8

apache subversion 1.7.9

apache subversion 1.7.10

apache subversion 1.7.11

apache subversion 1.7.12

apache subversion 1.8.0

apache subversion 1.8.1

Vendor Advisories

Debian Bug report logs - #721542 subversion: CVE-2013-4277: local privilege escalation vulnerability via symlink attack Package: subversion; Maintainer for subversion is James McCoy <jamessan@debianorg>; Source for subversion is src:subversion (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso <carnil@debianorg> ...
Svnserve in Apache Subversion 140 through 1712 and 180 through 181 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option ...
Debian Bug report logs - #717794 subversion: CVE-2013-4131 Package: subversion; Maintainer for subversion is James McCoy <jamessan@debianorg>; Source for subversion is src:subversion (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 25 Jul 2013 07:51:02 UTC Severity: important Tags: ...