Lucene search

[email protected]CVE-2007-3846

HistoryAug 28, 2007 - 6:17 p.m.

CVE-2007-3846

2007-08-2818:17:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2007-3846

nvd

subversion

tortoisesvn

windows

remote code execution

authentication

vulnerability

7 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.5%

JSON

Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a …\ (dot dot backslash) sequence in the filename, as stored in the file repository.

CPENameOperatorVersion
subversion:subversionsubversionle1.4.4
tortoisesvn:tortoisesvntortoisesvnle1.4.4

CPE	Name	Operator	Version
subversion:subversion	subversion	le	1.4.4
tortoisesvn:tortoisesvn	tortoisesvn	le	1.4.4

References

crisp.cs.du.edu/?q=node/36

osvdb.org/40118

osvdb.org/40119

secunia.com/advisories/26625

secunia.com/advisories/26632

securitytracker.com/id?1018617

subversion.tigris.org/servlets/NewsItemView?newsItemID=1941

subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413

tortoisesvn.net/node/291

www.securityfocus.com/bid/25468

www.vupen.com/english/advisories/2007/3003

www.vupen.com/english/advisories/2007/3004

exchange.xforce.ibmcloud.com/vulnerabilities/36312

7 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.5%

JSON

Related for CVE-2007-3846

prion1