[email protected]CVE-2009-0240

HistoryJan 21, 2009 - 2:30 a.m.

CVE-2009-0240

2009-01-2102:30:00

CWE-264

[email protected]

web.nvd.nist.gov

websvn

listing.php

remote file read

cve-2009-0240

nvd

6 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.1%

JSON

listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.

CPENameOperatorVersion
tigris:websvntigris websvneq2.0

CPE	Name	Operator	Version
tigris:websvn	tigris websvn	eq	2.0

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=512191

secunia.com/advisories/32338

secunia.com/advisories/33945

secunia.com/advisories/34191

www.debian.org/security/2009/dsa-1725

www.gentoo.org/security/en/glsa/glsa-200903-20.xml

www.openwall.com/lists/oss-security/2009/01/18/2

exchange.xforce.ibmcloud.com/vulnerabilities/48171

6 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.1%

JSON

Related for CVE-2009-0240

securityvulns4 seebug1 openvas8 prion1 ubuntucve1 nessus3 debian1 gentoo1 freebsd1