All the vulnerabilites related to collabnet - subversion
cve-2013-2088
Vulnerability from cvelistv5
Published
2013-07-31 10:00
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
References
| ▼ | URL | Tags |
|---|---|---|
| http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E | mailing-list, x_refsource_MLIST | |
| http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E | mailing-list, x_refsource_MLIST | |
| https://subversion.apache.org/security/CVE-2013-2088-advisory.txt | x_refsource_CONFIRM | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18772 | vdb-entry, signature, x_refsource_OVAL | |
| https://www.exploit-db.com/exploits/40507/ | exploit, x_refsource_EXPLOIT-DB | |
| http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:40.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[subversion-announce] 20130531 Subversion 1.6.23 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
},
{
"name": "[subversion-announce] 20130531 Apache Subversion 1.7.10 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://subversion.apache.org/security/CVE-2013-2088-advisory.txt"
},
{
"name": "oval:org.mitre.oval:def:18772",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18772"
},
{
"name": "40507",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40507/"
},
{
"name": "openSUSE-SU-2013:1139",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[subversion-announce] 20130531 Subversion 1.6.23 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
},
{
"name": "[subversion-announce] 20130531 Apache Subversion 1.7.10 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://subversion.apache.org/security/CVE-2013-2088-advisory.txt"
},
{
"name": "oval:org.mitre.oval:def:18772",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18772"
},
{
"name": "40507",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40507/"
},
{
"name": "openSUSE-SU-2013:1139",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[subversion-announce] 20130531 Subversion 1.6.23 released",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
},
{
"name": "[subversion-announce] 20130531 Apache Subversion 1.7.10 released",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
},
{
"name": "https://subversion.apache.org/security/CVE-2013-2088-advisory.txt",
"refsource": "CONFIRM",
"url": "https://subversion.apache.org/security/CVE-2013-2088-advisory.txt"
},
{
"name": "oval:org.mitre.oval:def:18772",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18772"
},
{
"name": "40507",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40507/"
},
{
"name": "openSUSE-SU-2013:1139",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2088",
"datePublished": "2013-07-31T10:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:40.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1968
Vulnerability from cvelistv5
Published
2013-07-31 10:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E | mailing-list, x_refsource_MLIST | |
| http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2014-0255.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.ubuntu.com/usn/USN-1893-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://subversion.apache.org/security/CVE-2013-1968-advisory.txt | x_refsource_CONFIRM | |
| http://www.debian.org/security/2013/dsa-2703 | vendor-advisory, x_refsource_DEBIAN | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986 | vdb-entry, signature, x_refsource_OVAL | |
| http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[subversion-announce] 20130531 Subversion 1.6.23 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
},
{
"name": "[subversion-announce] 20130531 Apache Subversion 1.7.10 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
},
{
"name": "RHSA-2014:0255",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0255.html"
},
{
"name": "USN-1893-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1893-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://subversion.apache.org/security/CVE-2013-1968-advisory.txt"
},
{
"name": "DSA-2703",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2703"
},
{
"name": "oval:org.mitre.oval:def:18986",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986"
},
{
"name": "openSUSE-SU-2013:1139",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[subversion-announce] 20130531 Subversion 1.6.23 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
},
{
"name": "[subversion-announce] 20130531 Apache Subversion 1.7.10 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
},
{
"name": "RHSA-2014:0255",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0255.html"
},
{
"name": "USN-1893-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1893-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://subversion.apache.org/security/CVE-2013-1968-advisory.txt"
},
{
"name": "DSA-2703",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2703"
},
{
"name": "oval:org.mitre.oval:def:18986",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986"
},
{
"name": "openSUSE-SU-2013:1139",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[subversion-announce] 20130531 Subversion 1.6.23 released",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
},
{
"name": "[subversion-announce] 20130531 Apache Subversion 1.7.10 released",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
},
{
"name": "RHSA-2014:0255",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0255.html"
},
{
"name": "USN-1893-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1893-1"
},
{
"name": "https://subversion.apache.org/security/CVE-2013-1968-advisory.txt",
"refsource": "CONFIRM",
"url": "https://subversion.apache.org/security/CVE-2013-1968-advisory.txt"
},
{
"name": "DSA-2703",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2703"
},
{
"name": "oval:org.mitre.oval:def:18986",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986"
},
{
"name": "openSUSE-SU-2013:1139",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1968",
"datePublished": "2013-07-31T10:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2112
Vulnerability from cvelistv5
Published
2013-07-31 10:00
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
References
| ▼ | URL | Tags |
|---|---|---|
| http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E | mailing-list, x_refsource_MLIST | |
| http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2014-0255.html | vendor-advisory, x_refsource_REDHAT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19057 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.ubuntu.com/usn/USN-1893-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://subversion.apache.org/security/CVE-2013-2112-advisory.txt | x_refsource_CONFIRM | |
| http://www.debian.org/security/2013/dsa-2703 | vendor-advisory, x_refsource_DEBIAN | |
| http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:40.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[subversion-announce] 20130531 Subversion 1.6.23 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
},
{
"name": "[subversion-announce] 20130531 Apache Subversion 1.7.10 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
},
{
"name": "RHSA-2014:0255",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0255.html"
},
{
"name": "oval:org.mitre.oval:def:19057",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19057"
},
{
"name": "USN-1893-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1893-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://subversion.apache.org/security/CVE-2013-2112-advisory.txt"
},
{
"name": "DSA-2703",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2703"
},
{
"name": "openSUSE-SU-2013:1139",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[subversion-announce] 20130531 Subversion 1.6.23 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
},
{
"name": "[subversion-announce] 20130531 Apache Subversion 1.7.10 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
},
{
"name": "RHSA-2014:0255",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0255.html"
},
{
"name": "oval:org.mitre.oval:def:19057",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19057"
},
{
"name": "USN-1893-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1893-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://subversion.apache.org/security/CVE-2013-2112-advisory.txt"
},
{
"name": "DSA-2703",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2703"
},
{
"name": "openSUSE-SU-2013:1139",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[subversion-announce] 20130531 Subversion 1.6.23 released",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
},
{
"name": "[subversion-announce] 20130531 Apache Subversion 1.7.10 released",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
},
{
"name": "RHSA-2014:0255",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0255.html"
},
{
"name": "oval:org.mitre.oval:def:19057",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19057"
},
{
"name": "USN-1893-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1893-1"
},
{
"name": "https://subversion.apache.org/security/CVE-2013-2112-advisory.txt",
"refsource": "CONFIRM",
"url": "https://subversion.apache.org/security/CVE-2013-2112-advisory.txt"
},
{
"name": "DSA-2703",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2703"
},
{
"name": "openSUSE-SU-2013:1139",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2112",
"datePublished": "2013-07-31T10:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:40.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-07-31 13:20
Modified
2024-11-21 01:51
Severity ?
Summary
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | subversion | * | |
| apache | subversion | 1.6.0 | |
| apache | subversion | 1.6.1 | |
| apache | subversion | 1.6.2 | |
| apache | subversion | 1.6.3 | |
| apache | subversion | 1.6.4 | |
| apache | subversion | 1.6.5 | |
| apache | subversion | 1.6.6 | |
| apache | subversion | 1.6.7 | |
| apache | subversion | 1.6.8 | |
| apache | subversion | 1.6.9 | |
| apache | subversion | 1.6.10 | |
| apache | subversion | 1.6.11 | |
| apache | subversion | 1.6.12 | |
| apache | subversion | 1.6.13 | |
| apache | subversion | 1.6.14 | |
| apache | subversion | 1.6.15 | |
| apache | subversion | 1.6.16 | |
| apache | subversion | 1.6.17 | |
| apache | subversion | 1.6.18 | |
| apache | subversion | 1.6.19 | |
| apache | subversion | 1.6.20 | |
| collabnet | subversion | 1.6.17 | |
| apache | subversion | 1.7.0 | |
| apache | subversion | 1.7.1 | |
| apache | subversion | 1.7.2 | |
| apache | subversion | 1.7.3 | |
| apache | subversion | 1.7.4 | |
| apache | subversion | 1.7.5 | |
| apache | subversion | 1.7.6 | |
| apache | subversion | 1.7.7 | |
| apache | subversion | 1.7.8 | |
| apache | subversion | 1.7.9 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 | |
| canonical | ubuntu_linux | 13.04 | |
| opensuse | opensuse | 11.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB53A2F2-923F-4959-95D5-CBD665F68E64",
"versionEndIncluding": "1.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F34F463-6350-4F48-B037-856DDBB1A4FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C813BA-B8F9-446B-A07F-B51F26815578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3DF4080D-0D95-429E-88AA-1051A5520C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF50F098-A055-4B79-AC35-6BD6F32D70F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540461D4-87F4-42AB-ADDC-C7A067FE2893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3E676744-C623-4894-8764-43588E56D2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "669735D1-1C14-4CD7-AA7C-AD2CA63A1979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C568FD-54BC-4506-AF60-BFE7CE14D0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F71F24-D909-49D9-8B4F-FA757FDF1C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "034D1C36-B73E-443E-A6B4-44CC6E7BC043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6D373245-8384-45E4-BE2E-E0518BD7F84F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EED44413-D313-4588-9A4B-25F79D0925A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C193EB08-BBC2-43A2-B11A-9C7E2098862D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "022A5BCE-A1DC-48E2-829D-AD9261562095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "155F83A1-A04A-48C0-A801-B38F129F310F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "302DC06D-5FB1-4EF9-B5E1-6407B88D65FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "27A15D05-29BA-4CCC-9348-A516E1E2C079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "2004B474-9869-445D-957D-20EF254FB461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8F91A5E0-0DD8-47DD-B52E-A15E8064945F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C34BE8D-6DFF-4E57-971C-8CCEF13E6500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDBC5BA-6A3C-4DB9-BE16-83A4EB85100C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:collabnet:subversion:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "473AAEA5-A18F-4BF7-8F70-57E0582AEC16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D102460-B5D5-46C4-8021-7C3510A5FCF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92265E60-7BBF-4E8E-A438-4132D8FD57BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "346DE008-472F-47E1-8B96-F968C7D0A003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9BDB22-29E0-48A3-8765-FAC6A3442A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5EB3A7-DE33-42CB-9B5E-646B9D4FFBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F63AB9E5-FD99-40A8-B24F-623BDDBCA427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CEA6C3E-C41B-4EF9-84E1-72BC6B72D1C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B873C1-E7D6-4E55-A5A7-85000B686071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "87D2E8DD-4225-476A-AF17-7621C9A28391",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "40D913E2-0FBD-4F6C-8A21-43A0681237BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection."
},
{
"lang": "es",
"value": "El servidor svnserve en Subversion anterior a 1.6.23 y 1.7.x anterior a 1.7.10, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (salida) terminando una conexi\u00f3n."
}
],
"id": "CVE-2013-2112",
"lastModified": "2024-11-21T01:51:03.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-31T13:20:24.727",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
},
{
"source": "secalert@redhat.com",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
},
{
"source": "secalert@redhat.com",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0255.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2013/dsa-2703"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1893-1"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19057"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://subversion.apache.org/security/CVE-2013-2112-advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0255.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1893-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://subversion.apache.org/security/CVE-2013-2112-advisory.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-31 13:20
Modified
2024-11-21 01:51
Severity ?
Summary
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | subversion | * | |
| apache | subversion | 1.6.0 | |
| apache | subversion | 1.6.1 | |
| apache | subversion | 1.6.2 | |
| apache | subversion | 1.6.3 | |
| apache | subversion | 1.6.4 | |
| apache | subversion | 1.6.5 | |
| apache | subversion | 1.6.6 | |
| apache | subversion | 1.6.7 | |
| apache | subversion | 1.6.8 | |
| apache | subversion | 1.6.9 | |
| apache | subversion | 1.6.10 | |
| apache | subversion | 1.6.11 | |
| apache | subversion | 1.6.12 | |
| apache | subversion | 1.6.13 | |
| apache | subversion | 1.6.14 | |
| apache | subversion | 1.6.15 | |
| apache | subversion | 1.6.16 | |
| apache | subversion | 1.6.17 | |
| apache | subversion | 1.6.18 | |
| apache | subversion | 1.6.19 | |
| apache | subversion | 1.6.20 | |
| collabnet | subversion | 1.6.17 | |
| opensuse | opensuse | 11.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB53A2F2-923F-4959-95D5-CBD665F68E64",
"versionEndIncluding": "1.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F34F463-6350-4F48-B037-856DDBB1A4FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C813BA-B8F9-446B-A07F-B51F26815578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3DF4080D-0D95-429E-88AA-1051A5520C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF50F098-A055-4B79-AC35-6BD6F32D70F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540461D4-87F4-42AB-ADDC-C7A067FE2893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3E676744-C623-4894-8764-43588E56D2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "669735D1-1C14-4CD7-AA7C-AD2CA63A1979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C568FD-54BC-4506-AF60-BFE7CE14D0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F71F24-D909-49D9-8B4F-FA757FDF1C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "034D1C36-B73E-443E-A6B4-44CC6E7BC043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6D373245-8384-45E4-BE2E-E0518BD7F84F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EED44413-D313-4588-9A4B-25F79D0925A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C193EB08-BBC2-43A2-B11A-9C7E2098862D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "022A5BCE-A1DC-48E2-829D-AD9261562095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "155F83A1-A04A-48C0-A801-B38F129F310F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "302DC06D-5FB1-4EF9-B5E1-6407B88D65FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "27A15D05-29BA-4CCC-9348-A516E1E2C079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "2004B474-9869-445D-957D-20EF254FB461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8F91A5E0-0DD8-47DD-B52E-A15E8064945F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C34BE8D-6DFF-4E57-971C-8CCEF13E6500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDBC5BA-6A3C-4DB9-BE16-83A4EB85100C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:collabnet:subversion:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "473AAEA5-A18F-4BF7-8F70-57E0582AEC16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename."
},
{
"lang": "es",
"value": "contrib/hook-scripts/svn-keyword-check.pl en Subversion anterior a 1.6.23, permite a usuarios autenticados remotamente con permisos de \"commit\" la ejecuci\u00f3n de comandos arbitrarios a trav\u00e9s de metacaracteres shell en un nombre de archivo."
}
],
"id": "CVE-2013-2088",
"lastModified": "2024-11-21T01:51:00.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-31T13:20:24.710",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
},
{
"source": "secalert@redhat.com",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
},
{
"source": "secalert@redhat.com",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18772"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://subversion.apache.org/security/CVE-2013-2088-advisory.txt"
},
{
"source": "secalert@redhat.com",
"url": "https://www.exploit-db.com/exploits/40507/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://subversion.apache.org/security/CVE-2013-2088-advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40507/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-31 13:20
Modified
2024-11-21 01:50
Severity ?
Summary
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | subversion | * | |
| apache | subversion | 1.6.0 | |
| apache | subversion | 1.6.1 | |
| apache | subversion | 1.6.2 | |
| apache | subversion | 1.6.3 | |
| apache | subversion | 1.6.4 | |
| apache | subversion | 1.6.5 | |
| apache | subversion | 1.6.6 | |
| apache | subversion | 1.6.7 | |
| apache | subversion | 1.6.8 | |
| apache | subversion | 1.6.9 | |
| apache | subversion | 1.6.10 | |
| apache | subversion | 1.6.11 | |
| apache | subversion | 1.6.12 | |
| apache | subversion | 1.6.13 | |
| apache | subversion | 1.6.14 | |
| apache | subversion | 1.6.15 | |
| apache | subversion | 1.6.16 | |
| apache | subversion | 1.6.17 | |
| apache | subversion | 1.6.18 | |
| apache | subversion | 1.6.19 | |
| apache | subversion | 1.6.20 | |
| collabnet | subversion | 1.6.17 | |
| apache | subversion | 1.7.0 | |
| apache | subversion | 1.7.1 | |
| apache | subversion | 1.7.2 | |
| apache | subversion | 1.7.3 | |
| apache | subversion | 1.7.4 | |
| apache | subversion | 1.7.5 | |
| apache | subversion | 1.7.6 | |
| apache | subversion | 1.7.7 | |
| apache | subversion | 1.7.8 | |
| apache | subversion | 1.7.9 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 | |
| canonical | ubuntu_linux | 13.04 | |
| opensuse | opensuse | 11.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB53A2F2-923F-4959-95D5-CBD665F68E64",
"versionEndIncluding": "1.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F34F463-6350-4F48-B037-856DDBB1A4FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C813BA-B8F9-446B-A07F-B51F26815578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3DF4080D-0D95-429E-88AA-1051A5520C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF50F098-A055-4B79-AC35-6BD6F32D70F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "540461D4-87F4-42AB-ADDC-C7A067FE2893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3E676744-C623-4894-8764-43588E56D2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "669735D1-1C14-4CD7-AA7C-AD2CA63A1979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C568FD-54BC-4506-AF60-BFE7CE14D0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F71F24-D909-49D9-8B4F-FA757FDF1C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "034D1C36-B73E-443E-A6B4-44CC6E7BC043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6D373245-8384-45E4-BE2E-E0518BD7F84F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EED44413-D313-4588-9A4B-25F79D0925A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C193EB08-BBC2-43A2-B11A-9C7E2098862D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "022A5BCE-A1DC-48E2-829D-AD9261562095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "155F83A1-A04A-48C0-A801-B38F129F310F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "302DC06D-5FB1-4EF9-B5E1-6407B88D65FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "27A15D05-29BA-4CCC-9348-A516E1E2C079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "2004B474-9869-445D-957D-20EF254FB461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8F91A5E0-0DD8-47DD-B52E-A15E8064945F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C34BE8D-6DFF-4E57-971C-8CCEF13E6500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDBC5BA-6A3C-4DB9-BE16-83A4EB85100C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:collabnet:subversion:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "473AAEA5-A18F-4BF7-8F70-57E0582AEC16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D102460-B5D5-46C4-8021-7C3510A5FCF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92265E60-7BBF-4E8E-A438-4132D8FD57BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "346DE008-472F-47E1-8B96-F968C7D0A003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9BDB22-29E0-48A3-8765-FAC6A3442A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5EB3A7-DE33-42CB-9B5E-646B9D4FFBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F63AB9E5-FD99-40A8-B24F-623BDDBCA427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CEA6C3E-C41B-4EF9-84E1-72BC6B72D1C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B873C1-E7D6-4E55-A5A7-85000B686071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "87D2E8DD-4225-476A-AF17-7621C9A28391",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "40D913E2-0FBD-4F6C-8A21-43A0681237BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name."
},
{
"lang": "es",
"value": "Subversion anterior a 1.6.23 y 1.7.x anterior a 1.7.10, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (corrupci\u00f3n del repositorio FSF) a trav\u00e9s de un car\u00e1cter de nueva l\u00ednea en un nombre de archivo."
}
],
"id": "CVE-2013-1968",
"lastModified": "2024-11-21T01:50:46.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-31T13:20:24.467",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
},
{
"source": "secalert@redhat.com",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
},
{
"source": "secalert@redhat.com",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0255.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2013/dsa-2703"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1893-1"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://subversion.apache.org/security/CVE-2013-1968-advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0255.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1893-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://subversion.apache.org/security/CVE-2013-1968-advisory.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}