CVE-2013-4277

2013-09-1619:14:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-4277

apache subversion

symlink attack

arbitrary files

kill processes

pid-file

nvd

6 Medium

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.

CPENameOperatorVersion
apache:subversionapache subversioneq1.6.10
apache:subversionapache subversioneq1.6.19
apache:subversionapache subversioneq1.4.5
apache:subversionapache subversioneq1.7.3
apache:subversionapache subversioneq1.6.20
apache:subversionapache subversioneq1.8.0
apache:subversionapache subversioneq1.4.2
apache:subversionapache subversioneq1.6.2
apache:subversionapache subversioneq1.7.1
apache:subversionapache subversioneq1.7.11

CPE	Name	Operator	Version
apache:subversion	apache subversion	eq	1.6.10
apache:subversion	apache subversion	eq	1.6.19
apache:subversion	apache subversion	eq	1.4.5
apache:subversion	apache subversion	eq	1.7.3
apache:subversion	apache subversion	eq	1.6.20
apache:subversion	apache subversion	eq	1.8.0
apache:subversion	apache subversion	eq	1.4.2
apache:subversion	apache subversion	eq	1.6.2
apache:subversion	apache subversion	eq	1.7.1
apache:subversion	apache subversion	eq	1.7.11