CVE-2010-3315

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-3315
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.

6.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://secunia.com/advisories/41652 Vendor Advisory
http://secunia.com/advisories/43139
http://secunia.com/advisories/43346
http://security-tracker.debian.org/tracker/CVE-2010-3315
http://subversion.apache.org/security/CVE-2010-3315-advisory.txt Patch
http://support.apple.com/kb/HT4581
http://www.debian.org/security/2010/dsa-2118
http://www.mandriva.com/security/advisories?name=MDVSA-2010:199
http://www.redhat.com/support/errata/RHSA-2011-0258.html
http://www.ubuntu.com/usn/USN-1053-1
http://www.vupen.com/english/advisories/2011/0264
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://secunia.com/advisories/41652 Vendor Advisory
http://secunia.com/advisories/43139
http://secunia.com/advisories/43346
http://security-tracker.debian.org/tracker/CVE-2010-3315
http://subversion.apache.org/security/CVE-2010-3315-advisory.txt Patch
http://support.apple.com/kb/HT4581
http://www.debian.org/security/2010/dsa-2118
http://www.mandriva.com/security/advisories?name=MDVSA-2010:199
http://www.redhat.com/support/errata/RHSA-2011-0258.html
http://www.ubuntu.com/usn/USN-1053-1
http://www.vupen.com/english/advisories/2011/0264
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*
History

21 Nov 2024, 01:18

Type Values Removed Values Added
References () http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html - () http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html -
References () http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html - () http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html -
References () http://secunia.com/advisories/41652 - Vendor Advisory () http://secunia.com/advisories/41652 - Vendor Advisory
References () http://secunia.com/advisories/43139 - () http://secunia.com/advisories/43139 -
References () http://secunia.com/advisories/43346 - () http://secunia.com/advisories/43346 -
References () http://security-tracker.debian.org/tracker/CVE-2010-3315 - () http://security-tracker.debian.org/tracker/CVE-2010-3315 -
References () http://subversion.apache.org/security/CVE-2010-3315-advisory.txt - Patch () http://subversion.apache.org/security/CVE-2010-3315-advisory.txt - Patch
References () http://support.apple.com/kb/HT4581 - () http://support.apple.com/kb/HT4581 -
References () http://www.debian.org/security/2010/dsa-2118 - () http://www.debian.org/security/2010/dsa-2118 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2010:199 - () http://www.mandriva.com/security/advisories?name=MDVSA-2010:199 -
References () http://www.redhat.com/support/errata/RHSA-2011-0258.html - () http://www.redhat.com/support/errata/RHSA-2011-0258.html -
References () http://www.ubuntu.com/usn/USN-1053-1 - () http://www.ubuntu.com/usn/USN-1053-1 -
References () http://www.vupen.com/english/advisories/2011/0264 - () http://www.vupen.com/english/advisories/2011/0264 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007 -
Information

Published : 2010-10-04 21:00

Updated : 2024-11-21 01:18

NVD link : CVE-2010-3315

Mitre link : CVE-2010-3315

CVE.ORG link : CVE-2010-3315

JSON object : View

Products Affected

apache

  • subversion
CWE
CWE-16

Configuration


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024