9.8
CVE-2017-9800
- EPSS 53.58%
- Veröffentlicht 11.08.2017 21:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle security@apache.org
- Teams Watchlist Login
- Unerledigt Login
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ Subversion Version <= 1.8.18
Apache ≫ Subversion Version1.9.0
Apache ≫ Subversion Version1.9.1
Apache ≫ Subversion Version1.9.2
Apache ≫ Subversion Version1.9.3
Apache ≫ Subversion Version1.9.4
Apache ≫ Subversion Version1.9.5
Apache ≫ Subversion Version1.9.6
Apache ≫ Subversion Version1.10.0
Apache ≫ Subversion Version1.10.0 Updatealpha1
Apache ≫ Subversion Version1.10.0 Updatealpha2
Apache ≫ Subversion Version1.10.0 Updatealpha3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 53.58% | 0.979 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.