Описание
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-3846
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36312
- http://crisp.cs.du.edu/?q=node/36
- http://osvdb.org/40118
- http://osvdb.org/40119
- http://secunia.com/advisories/26625
- http://secunia.com/advisories/26632
- http://securitytracker.com/id?1018617
- http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941
- http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413
- http://tortoisesvn.net/node/291
- http://www.securityfocus.com/bid/25468
- http://www.vupen.com/english/advisories/2007/3003
- http://www.vupen.com/english/advisories/2007/3004
Связанные уязвимости
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.