cve-2017-9800
Vulnerability from cvelistv5
Published
2017-08-11 21:00
Modified
2024-09-16 23:36
Severity ?
Summary
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:18:01.929Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[announce] 20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "100259",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100259"
          },
          {
            "name": "20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540999/100/0/threaded"
          },
          {
            "name": "RHSA-2017:2480",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2480"
          },
          {
            "name": "1039127",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039127"
          },
          {
            "name": "GLSA-201709-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-09"
          },
          {
            "name": "DSA-3932",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3932"
          },
          {
            "name": "[subversion-commits] 20190830 svn commit: r1866117 - in /subversion/site/publish/docs/community-guide: how-to-roll-releases-in-private.txt issues.part.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208103"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Subversion",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0 to 1.8.18"
            },
            {
              "status": "affected",
              "version": "1.9.0 to 1.9.6"
            }
          ]
        }
      ],
      "datePublic": "2017-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server\u0027s repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:52",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[announce] 20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "100259",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100259"
        },
        {
          "name": "20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/540999/100/0/threaded"
        },
        {
          "name": "RHSA-2017:2480",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2480"
        },
        {
          "name": "1039127",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039127"
        },
        {
          "name": "GLSA-201709-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-09"
        },
        {
          "name": "DSA-3932",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3932"
        },
        {
          "name": "[subversion-commits] 20190830 svn commit: r1866117 - in /subversion/site/publish/docs/community-guide: how-to-roll-releases-in-private.txt issues.part.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208103"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2017-08-10T00:00:00",
          "ID": "CVE-2017-9800",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Subversion",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0.0 to 1.8.18"
                          },
                          {
                            "version_value": "1.9.0 to 1.9.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server\u0027s repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[announce] 20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63@%3Cannounce.apache.org%3E"
            },
            {
              "name": "100259",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100259"
            },
            {
              "name": "20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/540999/100/0/threaded"
            },
            {
              "name": "RHSA-2017:2480",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2480"
            },
            {
              "name": "1039127",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039127"
            },
            {
              "name": "GLSA-201709-09",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-09"
            },
            {
              "name": "DSA-3932",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3932"
            },
            {
              "name": "[subversion-commits] 20190830 svn commit: r1866117 - in /subversion/site/publish/docs/community-guide: how-to-roll-releases-in-private.txt issues.part.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76@%3Ccommits.subversion.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html",
              "refsource": "CONFIRM",
              "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html"
            },
            {
              "name": "https://support.apple.com/HT208103",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208103"
            },
            {
              "name": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt",
              "refsource": "CONFIRM",
              "url": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt"
            },
            {
              "name": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2017-9800",
    "datePublished": "2017-08-11T21:00:00Z",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-09-16T23:36:59.228Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-9800\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2017-08-11T21:29:00.587\",\"lastModified\":\"2023-11-07T02:50:53.333\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server\u0027s repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.\"},{\"lang\":\"es\",\"value\":\"Una URL creada con fines maliciosos svn+ssh:// podr\u00eda provocar que clientes de Subversion en versiones anteriores a la 1.8.19, en versiones 1.9.x anteriores a la 1.9.7, y en versiones 1.10.0.x a 1.10.0-alpha3 ejecuten un comando shell arbitrario. Tal URL podr\u00eda ser generada por un servidor malicioso, por un usuario malicioso que se confirma en un servidor honesto (para atacar otro usuario de los repositorios de ese servidor), o por un servidor proxy. La vulnerabilidad afecta a todos los clientes, incluyendo aquellos que usan file://, http://, y svn:// plano (sin t\u00fanel).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.8.18\",\"matchCriteriaId\":\"C10F0402-14B0-4870-91A0-53BA3200B2B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"892FF423-1848-4E69-8C4C-E1972B656196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9ACF37C7-8752-4A8F-B7E3-2E813C4A0DF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74200C33-9505-48EB-964D-6CA28C7F6DB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09FBAFE7-986D-4B24-8122-FDCC380331C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32B6148E-3E5F-4DCB-BD8E-45B3D56CB18C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA37FBDF-C9BD-4D8F-B24A-CC35DF7EE7FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E228BEF8-CACB-46DF-816B-ECCB406DFB60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDEDF94B-8B94-43AD-8DA7-580EF40CAD26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.10.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8053093C-E4F4-411B-A4B7-1728E40E7D89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.10.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6997704A-5C87-47B7-BF17-5C0F43642065\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:subversion:1.10.0:alpha3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1E5C581-41D7-4694-A050-5455D6C8BB74\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.debian.org/security/2017/dsa-3932\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/540999/100/0/threaded\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.securityfocus.com/bid/100259\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039127\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2480\",\"source\":\"security@apache.org\"},{\"url\":\"https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.gentoo.org/glsa/201709-09\",\"source\":\"security@apache.org\"},{\"url\":\"https://subversion.apache.org/security/CVE-2017-9800-advisory.txt\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208103\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"security@apache.org\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.