FKIE_CVE-2007-2448

Vulnerability from fkie_nvd - Published: 2007-06-14 23:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.
References
secalert@redhat.comhttp://osvdb.org/36070
secalert@redhat.comhttp://secunia.com/advisories/43139
secalert@redhat.comhttp://securitytracker.com/id?1018237Patch
secalert@redhat.comhttp://subversion.tigris.org/security/CVE-2007-2448-advisory.txt
secalert@redhat.comhttp://www.securityfocus.com/bid/24463Patch
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1053-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/2230
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0264
secalert@redhat.comhttps://issues.rpath.com/browse/RPL-1896
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/36070
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43139
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1018237Patch
af854a3a-2127-422b-91ae-364da2661108http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24463Patch
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1053-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2230
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0264
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1896
Impacted products
Vendor Product Version
subversion subversion *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B1D817D-D7D7-44B9-A05F-F674539F9896",
              "versionEndIncluding": "1.4.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Subversion 1.4.3 and earlier does not properly implement the \"partial access\" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit."
    },
    {
      "lang": "es",
      "value": "Subversion 1.4.3 y versiones anteriores no implementa apropiadamente el privilegio \"acceso parcial\" para usuarios que tienen acceso a rutas cambiadas pero no rutas copiadas, lo cual permite a usuarios remotos autenticados obtener informaci\u00f3n confidencial (propiedades de revisi\u00f3n) mediante svn (1) propget, (2) proplist, \u00f3 (3) propedit."
    }
  ],
  "id": "CVE-2007-2448",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-06-14T23:30:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/36070"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43139"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1018237"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24463"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1053-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/2230"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0264"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-1896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/36070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1018237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1053-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1896"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-2448\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
      "lastModified": "2007-06-26T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.