CVE-2007-2448
First published: Thu Jun 14 2007(Updated: )
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Subversion Subversion | <=1.4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt
- http://www.securityfocus.com/bid/24463
- http://securitytracker.com/id?1018237
- https://issues.rpath.com/browse/RPL-1896
- http://www.vupen.com/english/advisories/2011/0264
- http://secunia.com/advisories/43139
- http://www.ubuntu.com/usn/USN-1053-1
- http://www.vupen.com/english/advisories/2007/2230
- http://osvdb.org/36070
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/subversion
- canonical/subversion subversion
- version/subversion subversion/1.4.3