CVE-2007-2448Subversion vulnerability

12 documents9 sources
Severity
2.1LOWNVD
EPSS
0.3%
top 47.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache SubversionSubversion
Timeline
PublishedJun 14
Latest updateMay 1

Description

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

Debianapache/subversion< 1.4.4dfsg1-1+3

Patches

Patch: securitytracker.comPatch: www.securityfocus.comPatch: securitytracker.com

🔴Vulnerability Details

3
GHSA
GHSA-5qx7-4v6g-86g4: Subversion 12022-05-01
CVEList
CVE-2007-2448: Subversion 12007-06-14
OSV
CVE-2007-2448: Subversion 12007-06-14

📋Vendor Advisories

4
Ubuntu
Subversion vulnerabilities2011-02-01
Red Hat
subversion: revision properties disclosure to user with partial access2007-11-06
Debian
CVE-2007-2448: subversion - Subversion 1.4.3 and earlier does not properly implement the "partial access" pr...2007
Apache
Apache subversion: CVE-2007-2448

💬Community

4
Bugzilla
CVE-2007-2448 New subversion release fixes a subtle security bug [F7]2007-06-12
Bugzilla
CVE-2007-2448 New subversion release fixes a subtle security bug [FC5]2007-06-12
Bugzilla
CVE-2007-2448 New subversion release fixes a subtle security bug [FC6]2007-06-12
Bugzilla
CVE-2007-2448 subversion: revision properties disclosure to user with partial access2007-06-11
CVE-2007-2448 — Subversion vulnerability | cvebase