FKIE_CVE-2017-9800

Vulnerability from fkie_nvd - Published: 2017-08-11 21:29 - Updated: 2025-04-20 01:37
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.
References
security@apache.orghttp://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html
security@apache.orghttp://www.debian.org/security/2017/dsa-3932
security@apache.orghttp://www.securityfocus.com/archive/1/540999/100/0/threaded
security@apache.orghttp://www.securityfocus.com/bid/100259Third Party Advisory, VDB Entry
security@apache.orghttp://www.securitytracker.com/id/1039127Third Party Advisory, VDB Entry
security@apache.orghttps://access.redhat.com/errata/RHSA-2017:2480
security@apache.orghttps://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html
security@apache.orghttps://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E
security@apache.orghttps://security.gentoo.org/glsa/201709-09
security@apache.orghttps://subversion.apache.org/security/CVE-2017-9800-advisory.txtVendor Advisory
security@apache.orghttps://support.apple.com/HT208103
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2020.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3932
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/540999/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/100259Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039127Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2480
af854a3a-2127-422b-91ae-364da2661108https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201709-09
af854a3a-2127-422b-91ae-364da2661108https://subversion.apache.org/security/CVE-2017-9800-advisory.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT208103
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.html
Impacted products
Vendor Product Version
apache subversion *
apache subversion 1.9.0
apache subversion 1.9.1
apache subversion 1.9.2
apache subversion 1.9.3
apache subversion 1.9.4
apache subversion 1.9.5
apache subversion 1.9.6
apache subversion 1.10.0
apache subversion 1.10.0
apache subversion 1.10.0
apache subversion 1.10.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C10F0402-14B0-4870-91A0-53BA3200B2B1",
              "versionEndIncluding": "1.8.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "892FF423-1848-4E69-8C4C-E1972B656196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ACF37C7-8752-4A8F-B7E3-2E813C4A0DF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74200C33-9505-48EB-964D-6CA28C7F6DB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FBAFE7-986D-4B24-8122-FDCC380331C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "32B6148E-3E5F-4DCB-BD8E-45B3D56CB18C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA37FBDF-C9BD-4D8F-B24A-CC35DF7EE7FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E228BEF8-CACB-46DF-816B-ECCB406DFB60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDEDF94B-8B94-43AD-8DA7-580EF40CAD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.10.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "8053093C-E4F4-411B-A4B7-1728E40E7D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.10.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "6997704A-5C87-47B7-BF17-5C0F43642065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.10.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "B1E5C581-41D7-4694-A050-5455D6C8BB74",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server\u0027s repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://."
    },
    {
      "lang": "es",
      "value": "Una URL creada con fines maliciosos svn+ssh:// podr\u00eda provocar que clientes de Subversion en versiones anteriores a la 1.8.19, en versiones 1.9.x anteriores a la 1.9.7, y en versiones 1.10.0.x a 1.10.0-alpha3 ejecuten un comando shell arbitrario. Tal URL podr\u00eda ser generada por un servidor malicioso, por un usuario malicioso que se confirma en un servidor honesto (para atacar otro usuario de los repositorios de ese servidor), o por un servidor proxy. La vulnerabilidad afecta a todos los clientes, incluyendo aquellos que usan file://, http://, y svn:// plano (sin t\u00fanel)."
    }
  ],
  "id": "CVE-2017-9800",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-11T21:29:00.587",
  "references": [
    {
      "source": "security@apache.org",
      "url": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "url": "http://www.debian.org/security/2017/dsa-3932"
    },
    {
      "source": "security@apache.org",
      "url": "http://www.securityfocus.com/archive/1/540999/100/0/threaded"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100259"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039127"
    },
    {
      "source": "security@apache.org",
      "url": "https://access.redhat.com/errata/RHSA-2017:2480"
    },
    {
      "source": "security@apache.org",
      "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://security.gentoo.org/glsa/201709-09"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt"
    },
    {
      "source": "security@apache.org",
      "url": "https://support.apple.com/HT208103"
    },
    {
      "source": "security@apache.org",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2017/dsa-3932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/540999/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:2480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201709-09"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT208103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.