[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Apache Subversion - (bulletinjul2017)

ID: oval:org.secpod.oval:def:2101120Date: (C)2019-12-31   (M)2022-08-31
Class: PATCHFamily: unix




A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server"s repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

Platform:
Sun Solaris 11
Product:
library/python/subversion
library/perl-5/subversion
library/java/subversion
developer/versioning/subversion
Reference:
bulletinjul2017
CVE-2017-9800
CVE    1
CVE-2017-9800
CPE    1
cpe:/o:oracle:solaris:11

© SecPod Technologies