Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-9800

Опубликовано: 11 авг. 2017
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Средний

Описание

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*
Версия до 1.8.18 (включая)
cpe:2.3:a:apache:subversion:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.10.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.10.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.10.0:alpha3:*:*:*:*:*:*

EPSS

Процентиль: 98%
0.49635
Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2017-9800

CVSS3: 9.8
ubuntu
больше 8 лет назад

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

redhat логотип

CVE-2017-9800

CVSS3: 6.3
redhat
больше 8 лет назад

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

debian логотип

CVE-2017-9800

CVSS3: 9.8
debian
больше 8 лет назад

A maliciously constructed svn+ssh:// URL would cause Subversion client ...

suse-cvrf логотип

openSUSE-SU-2017:2183-1

suse-cvrf
около 8 лет назад

Security update for subversion

github логотип

GHSA-34wf-vr8w-7xh4

CVSS3: 9.8
github
больше 3 лет назад

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

EPSS

Процентиль: 98%
0.49635
Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20