9.8
CVE-2017-9800
- EPSS 53.58%
- Published 11.08.2017 21:29:00
- Last modified 20.04.2025 01:37:25
- Source security@apache.org
- Teams watchlist Login
- Open Login
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.
Data is provided by the National Vulnerability Database (NVD)
Apache ≫ Subversion Version <= 1.8.18
Apache ≫ Subversion Version1.9.0
Apache ≫ Subversion Version1.9.1
Apache ≫ Subversion Version1.9.2
Apache ≫ Subversion Version1.9.3
Apache ≫ Subversion Version1.9.4
Apache ≫ Subversion Version1.9.5
Apache ≫ Subversion Version1.9.6
Apache ≫ Subversion Version1.10.0
Apache ≫ Subversion Version1.10.0 Updatealpha1
Apache ≫ Subversion Version1.10.0 Updatealpha2
Apache ≫ Subversion Version1.10.0 Updatealpha3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 53.58% | 0.979 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.