oss-sec mailing list archives
Re: CVE request: WebSVN
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 20 Jan 2009 20:53:05 -0500 (EST)
Use CVE-2009-0240 for the recent authorization issue. Note that CVE-2008-5918, CVE-2008-5919, and CVE-2008-5920 were assigned to older WebSVN issues that were disclosed in October 2008. - Steve ====================================================== Name: CVE-2008-5918 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5918 Reference: MILW0RM:6822 Reference: URL:http://www.milw0rm.com/exploits/6822 Reference: MISC:http://www.gulftech.org/?node=research&article_id=00132-10202008 Reference: CONFIRM:http://websvn.tigris.org/issues/show_bug.cgi?id=179 Reference: CONFIRM:http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218 Reference: BID:31891 Reference: URL:http://www.securityfocus.com/bid/31891 Reference: SECUNIA:32338 Reference: URL:http://secunia.com/advisories/32338 Reference: XF:websvn-index-xss(46048) Reference: URL:http://xforce.iss.net/xforce/xfdb/46048 Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. ====================================================== Name: CVE-2008-5919 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5919 Reference: MILW0RM:6822 Reference: URL:http://www.milw0rm.com/exploits/6822 Reference: MISC:http://www.gulftech.org/?node=research&article_id=00132-10202008 Reference: CONFIRM:http://websvn.tigris.org/issues/show_bug.cgi?id=179 Reference: CONFIRM:http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218 Reference: BID:31891 Reference: URL:http://www.securityfocus.com/bid/31891 Reference: SECUNIA:32338 Reference: URL:http://secunia.com/advisories/32338 Reference: XF:websvn-rss-directory-traversal(46050) Reference: URL:http://xforce.iss.net/xforce/xfdb/46050 Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter. ====================================================== Name: CVE-2008-5920 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5920 Reference: MILW0RM:6822 Reference: URL:http://www.milw0rm.com/exploits/6822 Reference: MISC:http://www.gulftech.org/?node=research&article_id=00132-10202008 Reference: BID:31891 Reference: URL:http://www.securityfocus.com/bid/31891 The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch. ====================================================== Name: CVE-2009-0240 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0240 Reference: MLIST:[oss-security] 20090118 CVE request: WebSVN Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/18/2 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512191 Reference: SECUNIA:32338 Reference: URL:http://secunia.com/advisories/32338 listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.
Current thread:
- CVE request: WebSVN Florian Weimer (Jan 18)
- Re: CVE request: WebSVN Steven M. Christey (Jan 20)