CVE-2007-3846 - OpenCVE

Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Subversion	Subversion
Tortoisesvn	Tortoisesvn

Configuration 1 [-]

OR	cpe:2.3:a:subversion:subversion:::windows:::::*
	cpe:2.3:a:tortoisesvn:tortoisesvn:::windows:::::*

References

Link	Resource
http://crisp.cs.du.edu/?q=node/36
http://osvdb.org/40118
http://osvdb.org/40119
http://secunia.com/advisories/26625	Patch Vendor Advisory
http://secunia.com/advisories/26632	Patch Vendor Advisory
http://securitytracker.com/id?1018617
http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941	Patch
http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413
http://tortoisesvn.net/node/291	Patch
http://www.securityfocus.com/bid/25468
http://www.vupen.com/english/advisories/2007/3003
http://www.vupen.com/english/advisories/2007/3004
https://exchange.xforce.ibmcloud.com/vulnerabilities/36312

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2007-08-28T18:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-07-18T00:00:00

Link: CVE-2007-3846

JSON object: View

NVD Information

Status : Modified

Published: 2007-08-28T18:17:00.000

Modified: 2017-07-29T01:32:34.487

Link: CVE-2007-3846

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-27T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\\ (dot dot backslash) sequence in the filename, as stored in the file repository."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "ADV-2007-3004", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3004"}, {"name": "[users-subversion] 20070828 Subversion 1.4.5 releaded (Win32 security release)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tortoisesvn.net/node/291"}, {"name": "26632", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26632"}, {"name": "25468", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25468"}, {"tags": ["x_refsource_MISC"], "url": "http://crisp.cs.du.edu/?q=node/36"}, {"name": "40119", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/40119"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941"}, {"name": "1018617", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018617"}, {"name": "26625", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26625"}, {"name": "ADV-2007-3003", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3003"}, {"name": "40118", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/40118"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413"}, {"name": "subversion-filename-directory-traversal(36312)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36312"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2007-3846", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\\ (dot dot backslash) sequence in the filename, as stored in the file repository."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-3004", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3004"}, {"name": "[users-subversion] 20070828 Subversion 1.4.5 releaded (Win32 security release)", "refsource": "MLIST", "url": "http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413"}, {"name": "http://tortoisesvn.net/node/291", "refsource": "CONFIRM", "url": "http://tortoisesvn.net/node/291"}, {"name": "26632", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26632"}, {"name": "25468", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25468"}, {"name": "http://crisp.cs.du.edu/?q=node/36", "refsource": "MISC", "url": "http://crisp.cs.du.edu/?q=node/36"}, {"name": "40119", "refsource": "OSVDB", "url": "http://osvdb.org/40119"}, {"name": "http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941", "refsource": "CONFIRM", "url": "http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941"}, {"name": "1018617", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018617"}, {"name": "26625", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26625"}, {"name": "ADV-2007-3003", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3003"}, {"name": "40118", "refsource": "OSVDB", "url": "http://osvdb.org/40118"}, {"name": "http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413", "refsource": "CONFIRM", "url": "http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413"}, {"name": "subversion-filename-directory-traversal(36312)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36312"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-3846", "datePublished": "2007-08-28T18:00:00", "dateReserved": "2007-07-18T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:subversion:subversion:*:*:windows:*:*:*:*:*", "matchCriteriaId": "1990E01B-99A1-4E5F-B84E-466B654B518B", "versionEndIncluding": "1.4.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:tortoisesvn:tortoisesvn:*:*:windows:*:*:*:*:*", "matchCriteriaId": "AB68E39A-869E-469E-88AB-6B4786CAA85C", "versionEndIncluding": "1.4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\\ (dot dot backslash) sequence in the filename, as stored in the file repository."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en Subversion anterior a 1.4.5, utilizado en TortoiseSVN anterior a 1.4.5 y posiblemente otros productos, cuando se ejecuta en sistemas basados en Windows, permite a usuarios autenticados remotamente sobrescribir y crear archivos de su elecci\u00f3n mediante una secuencia ..\\ (punto punto barra invertida) en el nombre de archivo, almacenado en el repositorio de archivos."}], "id": "CVE-2007-3846", "lastModified": "2017-07-29T01:32:34.487", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-08-28T18:17:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://crisp.cs.du.edu/?q=node/36"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/40118"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/40119"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26625"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26632"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1018617"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941"}, {"source": "secalert@redhat.com", "url": "http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://tortoisesvn.net/node/291"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/25468"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/3003"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/3004"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36312"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}