9.8

CVE-2017-9800

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheSubversion Version <= 1.8.18
ApacheSubversion Version1.9.0
ApacheSubversion Version1.9.1
ApacheSubversion Version1.9.2
ApacheSubversion Version1.9.3
ApacheSubversion Version1.9.4
ApacheSubversion Version1.9.5
ApacheSubversion Version1.9.6
ApacheSubversion Version1.10.0
ApacheSubversion Version1.10.0 Updatealpha1
ApacheSubversion Version1.10.0 Updatealpha2
ApacheSubversion Version1.10.0 Updatealpha3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 18.89% 0.969
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.oracle.com/security-alerts/cpuoct2020.html
http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html
http://www.debian.org/security/2017/dsa-3932
http://www.securityfocus.com/archive/1/540999/100/0/threaded
http://www.securityfocus.com/bid/100259
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039127
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2480
https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html
https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E
https://security.gentoo.org/glsa/201709-09
https://subversion.apache.org/security/CVE-2017-9800-advisory.txt
Vendor Advisory
https://support.apple.com/HT208103