CVE Vulnerability

CVE-2007-2448

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.

2.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt
http://www.securityfocus.com/bid/24463 Patch
http://securitytracker.com/id?1018237 Patch
https://issues.rpath.com/browse/RPL-1896
http://www.vupen.com/english/advisories/2011/0264
http://secunia.com/advisories/43139
http://www.ubuntu.com/usn/USN-1053-1
http://www.vupen.com/english/advisories/2007/2230
http://osvdb.org/36070
Configurations

Configuration 1

cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*
Information

Published : 2007-06-14 11:30

Updated : 2012-11-06 03:38

NVD link : CVE-2007-2448

Mitre link : CVE-2007-2448

Products Affected
No products.
CWE
NVD-CWE-Other