CVE-2013-6892

Published: 21/01/2015 | Updated: 26/08/2016
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Summary

WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.

Vulnerable Product

websvn websvn 2.3.3

debian debian linux 7.0

Vendor Advisories

Debian Bug report logs - #775682 websvn: CVE-2013-6892: arbitrary file access when downloads enabled for users with commit access. Package: websvn; Maintainer for websvn is Pierre Chifflier <pollux@debian.org>; Source for websvn is src:websvn. Reported by: Thijs Kinkhorst <thijs@debian.org> Date: ...

James Clawson discovered that websvn, a web viewer for Subversion repositories, would follow symlinks in a repository when presenting a file for download. An attacker with repository write access could thereby access any file on disk readable by the user the webserver runs as. For the stable distribution (wheezy), this problem has been fixed in ver ...