Lucene search

[email protected]NVD:CVE-2017-9800

HistoryAug 11, 2017 - 9:29 p.m.

CVE-2017-9800

2017-08-1121:29:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.129

Percentile

95.5%

JSON

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server’s repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

Affected configurations

Nvd

Node

apachesubversionRange≤1.8.18

apachesubversionMatch1.9.0

apachesubversionMatch1.9.1

apachesubversionMatch1.9.2

apachesubversionMatch1.9.3

apachesubversionMatch1.9.4

apachesubversionMatch1.9.5

apachesubversionMatch1.9.6

apachesubversionMatch1.10.0

apachesubversionMatch1.10.0alpha1

apachesubversionMatch1.10.0alpha2

apachesubversionMatch1.10.0alpha3

VendorProductVersionCPE
apachesubversion*cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*
apachesubversion1.9.0cpe:2.3:a:apache:subversion:1.9.0:*:*:*:*:*:*:*
apachesubversion1.9.1cpe:2.3:a:apache:subversion:1.9.1:*:*:*:*:*:*:*
apachesubversion1.9.2cpe:2.3:a:apache:subversion:1.9.2:*:*:*:*:*:*:*
apachesubversion1.9.3cpe:2.3:a:apache:subversion:1.9.3:*:*:*:*:*:*:*
apachesubversion1.9.4cpe:2.3:a:apache:subversion:1.9.4:*:*:*:*:*:*:*
apachesubversion1.9.5cpe:2.3:a:apache:subversion:1.9.5:*:*:*:*:*:*:*
apachesubversion1.9.6cpe:2.3:a:apache:subversion:1.9.6:*:*:*:*:*:*:*
apachesubversion1.10.0cpe:2.3:a:apache:subversion:1.10.0:*:*:*:*:*:*:*
apachesubversion1.10.0cpe:2.3:a:apache:subversion:1.10.0:alpha1:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	subversion	*	cpe:2.3:a:apache:subversion::::::::
apache	subversion	1.9.0	cpe:2.3:a:apache:subversion:1.9.0:::::::*
apache	subversion	1.9.1	cpe:2.3:a:apache:subversion:1.9.1:::::::*
apache	subversion	1.9.2	cpe:2.3:a:apache:subversion:1.9.2:::::::*
apache	subversion	1.9.3	cpe:2.3:a:apache:subversion:1.9.3:::::::*
apache	subversion	1.9.4	cpe:2.3:a:apache:subversion:1.9.4:::::::*
apache	subversion	1.9.5	cpe:2.3:a:apache:subversion:1.9.5:::::::*
apache	subversion	1.9.6	cpe:2.3:a:apache:subversion:1.9.6:::::::*
apache	subversion	1.10.0	cpe:2.3:a:apache:subversion:1.10.0:::::::*
apache	subversion	1.10.0	cpe:2.3:a:apache:subversion:1.10.0:alpha1::::::