CVE-2013-2088

Subversion 1.6.6/1.6.12 - Code Execution

Severity Score

7.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.

contrib/hook-scripts/svn-keyword-check.pl en Subversion anterior a 1.6.23, permite a usuarios autenticados remotamente con permisos de "commit" la ejecución de comandos arbitrarios a través de metacaracteres shell en un nombre de archivo.

Subversion versions 1.6.6 and 1.6.12 suffers from a code execution vulnerability.

*Credits: N/A

CVSS Scores

NISTv2 7.1

Attack Vector

Network

Attack Complexity

High

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-02-19 CVE Reserved
2013-07-31 CVE Published
2024-08-06 CVE Updated
2024-08-06 First Exploit
2024-08-24 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (6)

URL	Tag	Source
http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E	Mailing List
http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E	Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18772	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/40507	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html	2018-10-30
https://subversion.apache.org/security/CVE-2013-2088-advisory.txt	2018-10-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				<= 1.6.21 Search vendor "Apache" for product "Subversion" and version " <= 1.6.21"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.0 Search vendor "Apache" for product "Subversion" and version "1.6.0"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.1 Search vendor "Apache" for product "Subversion" and version "1.6.1"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.2 Search vendor "Apache" for product "Subversion" and version "1.6.2"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.3 Search vendor "Apache" for product "Subversion" and version "1.6.3"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.4 Search vendor "Apache" for product "Subversion" and version "1.6.4"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.5 Search vendor "Apache" for product "Subversion" and version "1.6.5"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.6 Search vendor "Apache" for product "Subversion" and version "1.6.6"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.7 Search vendor "Apache" for product "Subversion" and version "1.6.7"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.8 Search vendor "Apache" for product "Subversion" and version "1.6.8"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.9 Search vendor "Apache" for product "Subversion" and version "1.6.9"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.10 Search vendor "Apache" for product "Subversion" and version "1.6.10"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.11 Search vendor "Apache" for product "Subversion" and version "1.6.11"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.12 Search vendor "Apache" for product "Subversion" and version "1.6.12"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.13 Search vendor "Apache" for product "Subversion" and version "1.6.13"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.14 Search vendor "Apache" for product "Subversion" and version "1.6.14"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.15 Search vendor "Apache" for product "Subversion" and version "1.6.15"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.16 Search vendor "Apache" for product "Subversion" and version "1.6.16"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.17 Search vendor "Apache" for product "Subversion" and version "1.6.17"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.18 Search vendor "Apache" for product "Subversion" and version "1.6.18"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.19 Search vendor "Apache" for product "Subversion" and version "1.6.19"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.20 Search vendor "Apache" for product "Subversion" and version "1.6.20"		-		Affected
Collabnet Search vendor "Collabnet"		Subversion Search vendor "Collabnet" for product "Subversion"				1.6.17 Search vendor "Collabnet" for product "Subversion" and version "1.6.17"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				11.4 Search vendor "Opensuse" for product "Opensuse" and version "11.4"		-		Affected