CVE-2013-4277 — Apache Subversion vulnerability

CWE-2649 documents8 sources

Severity

3.3LOWNVD

EPSS

0.2%

top 56.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Subversion

Timeline

PublishedSep 16

Latest updateMay 17

Description

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages2 packages

▶Debianapache/subversion< 1.7.13-1+3

▶NVDapache/subversion54 versions+53

🔴Vulnerability Details

GHSA

GHSA-7hmj-c92j-fg6p: Svnserve in Apache Subversion 1↗2022-05-17

▶

OSV

CVE-2013-4277: Svnserve in Apache Subversion 1↗2013-09-16

▶

CVEList

CVE-2013-4277: Svnserve in Apache Subversion 1↗2013-09-16

▶

📋Vendor Advisories

Red Hat

subversion: svnserve is vulnerable to symlink attack↗2013-08-30

▶

Debian

CVE-2013-4277: subversion - Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allow...↗2013

▶

Apache

Apache subversion: CVE-2013-4277↗

▶

💬Community

Bugzilla

CVE-2013-4277 subversion: svnserve is vulnerable to symlink attack [fedora-all]↗2013-08-30

▶

Bugzilla

CVE-2013-4277 subversion: svnserve is vulnerable to symlink attack↗2013-08-22

▶