CVE-2010-3315 — Apache Subversion vulnerability

CWE-1610 documents9 sources

Severity

6.0MEDIUMNVD

EPSS

0.4%

top 41.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Subversion

Timeline

PublishedOct 4

Latest updateMay 17

Description

authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages2 packages

▶Debianapache/subversion< 1.6.12dfsg-2+3

▶NVDapache/subversion21 versions+20

Patches

Patch: subversion.apache.org ↗Patch: subversion.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-rwpr-66p9-2829: authz↗2022-05-17

▶

CVEList

CVE-2010-3315: authz↗2010-10-04

▶

OSV

CVE-2010-3315: authz↗2010-10-04

▶

📋Vendor Advisories

Ubuntu

Subversion vulnerabilities↗2011-02-01

▶

Red Hat

Subversion: Access restriction bypass by checkout of the root of the repository↗2010-10-04

▶

Debian

CVE-2010-3315: subversion - authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in ...↗2010

▶

Apache

Apache subversion: CVE-2010-3315↗

▶

💬Community

Bugzilla

CVE-2010-3315 Subversion: Access restriction bypass by checkout of the root of the repository [fedora-all]↗2011-01-25

▶

Bugzilla

CVE-2010-3315 Subversion: Access restriction bypass by checkout of the root of the repository↗2010-10-05

▶