mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
126 lines
5.2 KiB
JSON
126 lines
5.2 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security@apache.org",
|
|
"DATE_PUBLIC": "2017-08-10T00:00:00",
|
|
"ID": "CVE-2017-9800",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Apache Subversion",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "1.0.0 to 1.8.18"
|
|
},
|
|
{
|
|
"version_value": "1.9.0 to 1.9.6"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Apache Software Foundation"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Remote Code Execution"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "[announce] 20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
|
|
"refsource": "MLIST",
|
|
"url": "https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63@%3Cannounce.apache.org%3E"
|
|
},
|
|
{
|
|
"name": "100259",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/100259"
|
|
},
|
|
{
|
|
"name": "20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
|
|
"refsource": "BUGTRAQ",
|
|
"url": "http://www.securityfocus.com/archive/1/540999/100/0/threaded"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:2480",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:2480"
|
|
},
|
|
{
|
|
"name": "1039127",
|
|
"refsource": "SECTRACK",
|
|
"url": "http://www.securitytracker.com/id/1039127"
|
|
},
|
|
{
|
|
"name": "GLSA-201709-09",
|
|
"refsource": "GENTOO",
|
|
"url": "https://security.gentoo.org/glsa/201709-09"
|
|
},
|
|
{
|
|
"name": "DSA-3932",
|
|
"refsource": "DEBIAN",
|
|
"url": "http://www.debian.org/security/2017/dsa-3932"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[subversion-commits] 20190830 svn commit: r1866117 - in /subversion/site/publish/docs/community-guide: how-to-roll-releases-in-private.txt issues.part.html",
|
|
"url": "https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76@%3Ccommits.subversion.apache.org%3E"
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
|
|
"refsource": "MISC",
|
|
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
|
|
},
|
|
{
|
|
"name": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html"
|
|
},
|
|
{
|
|
"name": "https://support.apple.com/HT208103",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://support.apple.com/HT208103"
|
|
},
|
|
{
|
|
"name": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt"
|
|
},
|
|
{
|
|
"name": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html",
|
|
"refsource": "MISC",
|
|
"url": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html"
|
|
}
|
|
]
|
|
}
|
|
} |