
List:       oss-security
Subject:    Re: [oss-security] CVE request: WebSVN
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-01-21 1:53:05
Message-ID: Pine.GSO.4.51.0901202051410.22454 () faron ! mitre ! org


Use CVE-2009-0240 for the recent authorization issue.

Note that CVE-2008-5918, CVE-2008-5919, and CVE-2008-5920 were assigned to
older WebSVN issues that were disclosed in October 2008.

- Steve


======================================================
Name: CVE-2008-5918
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5918
Reference: MILW0RM:6822
Reference: URL:http://www.milw0rm.com/exploits/6822
Reference: MISC:http://www.gulftech.org/?node=research&article_id=00132-10202008
Reference: CONFIRM:http://websvn.tigris.org/issues/show_bug.cgi?id=179
Reference: CONFIRM:http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218
Reference: BID:31891
Reference: URL:http://www.securityfocus.com/bid/31891
Reference: SECUNIA:32338
Reference: URL:http://secunia.com/advisories/32338
Reference: XF:websvn-index-xss(46048)
Reference: URL:http://xforce.iss.net/xforce/xfdb/46048

Cross-site scripting (XSS) vulnerability in the
getParameterisedSelfUrl function in index.php in WebSVN 2.0 and
earlier allows remote attackers to inject arbitrary web script or HTML
via the PATH_INFO.


======================================================
Name: CVE-2008-5919
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5919
Reference: MILW0RM:6822
Reference: URL:http://www.milw0rm.com/exploits/6822
Reference: MISC:http://www.gulftech.org/?node=research&article_id=00132-10202008
Reference: CONFIRM:http://websvn.tigris.org/issues/show_bug.cgi?id=179
Reference: CONFIRM:http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218
Reference: BID:31891
Reference: URL:http://www.securityfocus.com/bid/31891
Reference: SECUNIA:32338
Reference: URL:http://secunia.com/advisories/32338
Reference: XF:websvn-rss-directory-traversal(46050)
Reference: URL:http://xforce.iss.net/xforce/xfdb/46050

Directory traversal vulnerability in rss.php in WebSVN 2.0 and
earlier, when magic_quotes_gpc is disabled, allows remote attackers to
overwrite arbitrary files via directory traversal sequences in the rev
parameter.


======================================================
Name: CVE-2008-5920
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5920
Reference: MILW0RM:6822
Reference: URL:http://www.milw0rm.com/exploits/6822
Reference: MISC:http://www.gulftech.org/?node=research&article_id=00132-10202008
Reference: BID:31891
Reference: URL:http://www.securityfocus.com/bid/31891

The create_anchors function in utils.inc in WebSVN 1.x allows remote
attackers to execute arbitrary PHP code via a crafted username that is
processed by the preg_replace function with the eval switch.


======================================================
Name: CVE-2009-0240
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0240
Reference: MLIST:[oss-security] 20090118 CVE request: WebSVN
Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/18/2
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512191
Reference: SECUNIA:32338
Reference: URL:http://secunia.com/advisories/32338

listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN
authz file, allows remote authenticated users to read changelogs or
diffs for restricted projects via a modified repname parameter.

