CVE-2017-9800

{"id": "CVE-2017-9800", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-08-11T21:29:00.587", "references": [{"url": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html", "source": "security@apache.org"}, {"url": "http://www.debian.org/security/2017/dsa-3932", "source": "security@apache.org"}, {"url": "http://www.securityfocus.com/archive/1/540999/100/0/threaded", "source": "security@apache.org"}, {"url": "http://www.securityfocus.com/bid/100259", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "http://www.securitytracker.com/id/1039127", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2480", "source": "security@apache.org"}, {"url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E", "source": "security@apache.org"}, {"url": "https://security.gentoo.org/glsa/201709-09", "source": "security@apache.org"}, {"url": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt", "tags": ["Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://support.apple.com/HT208103", "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "source": "security@apache.org"}, {"url": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2017/dsa-3932", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/540999/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/100259", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1039127", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2480", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201709-09", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/HT208103", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://."}, {"lang": "es", "value": "Una URL creada con fines maliciosos svn+ssh:// podr\u00eda provocar que clientes de Subversion en versiones anteriores a la 1.8.19, en versiones 1.9.x anteriores a la 1.9.7, y en versiones 1.10.0.x a 1.10.0-alpha3 ejecuten un comando shell arbitrario. Tal URL podr\u00eda ser generada por un servidor malicioso, por un usuario malicioso que se confirma en un servidor honesto (para atacar otro usuario de los repositorios de ese servidor), o por un servidor proxy. La vulnerabilidad afecta a todos los clientes, incluyendo aquellos que usan file://, http://, y svn:// plano (sin t\u00fanel)."}], "lastModified": "2024-11-21T03:36:52.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C10F0402-14B0-4870-91A0-53BA3200B2B1", "versionEndIncluding": "1.8.18"}, {"criteria": "cpe:2.3:a:apache:subversion:1.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "892FF423-1848-4E69-8C4C-E1972B656196"}, {"criteria": "cpe:2.3:a:apache:subversion:1.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ACF37C7-8752-4A8F-B7E3-2E813C4A0DF0"}, {"criteria": "cpe:2.3:a:apache:subversion:1.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74200C33-9505-48EB-964D-6CA28C7F6DB8"}, {"criteria": "cpe:2.3:a:apache:subversion:1.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09FBAFE7-986D-4B24-8122-FDCC380331C9"}, {"criteria": "cpe:2.3:a:apache:subversion:1.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32B6148E-3E5F-4DCB-BD8E-45B3D56CB18C"}, {"criteria": "cpe:2.3:a:apache:subversion:1.9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA37FBDF-C9BD-4D8F-B24A-CC35DF7EE7FA"}, {"criteria": "cpe:2.3:a:apache:subversion:1.9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E228BEF8-CACB-46DF-816B-ECCB406DFB60"}, {"criteria": "cpe:2.3:a:apache:subversion:1.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDEDF94B-8B94-43AD-8DA7-580EF40CAD26"}, {"criteria": "cpe:2.3:a:apache:subversion:1.10.0:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8053093C-E4F4-411B-A4B7-1728E40E7D89"}, {"criteria": "cpe:2.3:a:apache:subversion:1.10.0:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6997704A-5C87-47B7-BF17-5C0F43642065"}, {"criteria": "cpe:2.3:a:apache:subversion:1.10.0:alpha3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1E5C581-41D7-4694-A050-5455D6C8BB74"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}