CVE-2007-2448
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.
Subversion 1.4.3 y versiones anteriores no implementa apropiadamente el privilegio "acceso parcial" para usuarios que tienen acceso a rutas cambiadas pero no rutas copiadas, lo cual permite a usuarios remotos autenticados obtener información confidencial (propiedades de revisión) mediante svn (1) propget, (2) proplist, ó (3) propedit.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-05-02 CVE Reserved
- 2007-06-14 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/36070 | Vdb Entry | |
| http://secunia.com/advisories/43139 | Third Party Advisory | |
| http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt | X_refsource_confirm | |
| http://www.vupen.com/english/advisories/2007/2230 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0264 | Vdb Entry | |
| https://issues.rpath.com/browse/RPL-1896 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://securitytracker.com/id?1018237 | 2012-11-06 | |
| http://www.securityfocus.com/bid/24463 | 2012-11-06 |
| URL | Date | SRC |
|---|---|---|
| http://www.ubuntu.com/usn/USN-1053-1 | 2012-11-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Subversion Search vendor "Subversion" | Subversion Search vendor "Subversion" for product "Subversion" | <= 1.4.3 Search vendor "Subversion" for product "Subversion" and version " <= 1.4.3" | - |
Affected
| ||||||