Lucene search

[email protected]CVE-2013-4262

HistoryJul 28, 2014 - 7:55 p.m.

CVE-2013-4262

2014-07-2819:55:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2013-4262

subversion

svnwcsub.py

local privilege escalation

symlink attack

nvd

6.3 Medium

AI Score

Confidence

Low

2.4 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393.

CPENameOperatorVersion
apache:subversionapache subversioneq1.8.2
apache:subversionapache subversioneq1.8.0
apache:subversionapache subversioneq1.8.1

CPE	Name	Operator	Version
apache:subversion	apache subversion	eq	1.8.2
apache:subversion	apache subversion	eq	1.8.0
apache:subversion	apache subversion	eq	1.8.1

References

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

subversion.apache.org/security/CVE-2013-4262-advisory.txt

6.3 Medium

AI Score

Confidence

Low

2.4 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2013-4262

cvelist2 debiancve2 cve1 ubuntucve2 prion2 nessus2