Vulnerabilities related to tortoisesvn - tortoisesvn
CVE-2007-3846 (GCVE-0-2007-3846)
Vulnerability from cvelistv5
Published
2007-08-28 18:00
Modified
2024-08-07 14:28
CWE
- n/a
Summary
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:28:52.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2007-3004", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3004" }, { "name": "[users-subversion] 20070828 Subversion 1.4.5 releaded (Win32 security release)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://subversion.tigris.org/servlets/ReadMsg?list=users\u0026msgNo=69413" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tortoisesvn.net/node/291" }, { "name": "26632", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26632" }, { "name": "25468", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25468" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://crisp.cs.du.edu/?q=node/36" }, { "name": "40119", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/40119" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941" }, { "name": "1018617", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1018617" }, { "name": "26625", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26625" }, { "name": "ADV-2007-3003", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3003" }, { "name": "40118", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/40118" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://subversion.tigris.org/servlets/ReadMsg?list=users\u0026msgNo=69413" }, { "name": 
"subversion-filename-directory-traversal(36312)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36312" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\\ (dot dot backslash) sequence in the filename, as stored in the file repository." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2007-3004", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3004" }, { "name": "[users-subversion] 20070828 Subversion 1.4.5 releaded (Win32 security release)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://subversion.tigris.org/servlets/ReadMsg?list=users\u0026msgNo=69413" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tortoisesvn.net/node/291" }, { "name": "26632", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26632" }, { "name": "25468", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25468" }, { "tags": [ "x_refsource_MISC" ], "url": "http://crisp.cs.du.edu/?q=node/36" }, { "name": "40119", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/40119" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941" }, { "name": 
"1018617", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1018617" }, { "name": "26625", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26625" }, { "name": "ADV-2007-3003", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3003" }, { "name": "40118", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/40118" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://subversion.tigris.org/servlets/ReadMsg?list=users\u0026msgNo=69413" }, { "name": "subversion-filename-directory-traversal(36312)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36312" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2007-3846", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\\ (dot dot backslash) sequence in the filename, as stored in the file repository." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2007-3004", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3004" }, { "name": "[users-subversion] 20070828 Subversion 1.4.5 releaded (Win32 security release)", "refsource": "MLIST", "url": "http://subversion.tigris.org/servlets/ReadMsg?list=users\u0026msgNo=69413" }, { "name": "http://tortoisesvn.net/node/291", "refsource": "CONFIRM", "url": "http://tortoisesvn.net/node/291" }, { "name": "26632", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26632" }, { "name": "25468", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25468" }, { "name": "http://crisp.cs.du.edu/?q=node/36", "refsource": "MISC", "url": "http://crisp.cs.du.edu/?q=node/36" }, { "name": "40119", "refsource": "OSVDB", "url": "http://osvdb.org/40119" }, { "name": "http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941", "refsource": "CONFIRM", "url": "http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941" }, { "name": "1018617", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018617" }, { "name": "26625", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26625" }, { "name": "ADV-2007-3003", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3003" }, { "name": "40118", "refsource": "OSVDB", "url": "http://osvdb.org/40118" }, { "name": "http://subversion.tigris.org/servlets/ReadMsg?list=users\u0026msgNo=69413", "refsource": "CONFIRM", "url": "http://subversion.tigris.org/servlets/ReadMsg?list=users\u0026msgNo=69413" }, { "name": "subversion-filename-directory-traversal(36312)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36312" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-3846", 
"datePublished": "2007-08-28T18:00:00", "dateReserved": "2007-07-18T00:00:00", "dateUpdated": "2024-08-07T14:28:52.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-14422 (GCVE-0-2019-14422)
Vulnerability from cvelistv5
Published
2019-08-15 16:02
Modified
2024-08-05 00:19
CWE
- n/a
Summary
An issue was discovered in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive and forcing the victim to open the workbooks and execute the macro inside.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:41.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.vulnerability-lab.com/get_content.php?id=2188" }, { "name": "FULLDISC 20190813 TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-15T16:02:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.vulnerability-lab.com/get_content.php?id=2188" }, { "name": "FULLDISC 20190813 TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14422", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.vulnerability-lab.com/get_content.php?id=2188", "refsource": "MISC", "url": "https://www.vulnerability-lab.com/get_content.php?id=2188" }, { "name": "FULLDISC 20190813 TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Aug/7" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14422", "datePublished": "2019-08-15T16:02:12", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:41.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2019-08-15 17:15
Modified
2024-11-21 04:26
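Severity: 8.8 HIGH (CVSS 3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); 6.8 MEDIUM (CVSS 2.0, AV:N/AC:M/Au:N/C:P/I:P/A:P). Source: nvd@nist.gov.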
Summary
An issue was discovered in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive and forcing the victim to open the workbooks and execute the macro inside.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Aug/7 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.vulnerability-lab.com/get_content.php?id=2188 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Aug/7 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vulnerability-lab.com/get_content.php?id=2188 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tortoisesvn | tortoisesvn | 1.12.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tortoisesvn:tortoisesvn:1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D5129A8-0E59-4671-B05A-B06C6AA166EF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside." }, { "lang": "es", "value": "Se detect\u00f3 un problema en TortoiseSVN versi\u00f3n 1.12.1. El manejador del URI Tsvncmd: permite una operaci\u00f3n diff personalizada en los libros de trabajo de Excel, que podr\u00eda ser usado para abrir libros de trabajo remotos sin protecci\u00f3n de la configuraci\u00f3n de seguridad de macros para ejecutar c\u00f3digo arbitrario. Un URI tsvncmd:command:diff?path:[file1]?path2:[file2] ejecutar\u00e1 un diff personalizada en [file1] y [file2] en base de la extensi\u00f3n del archivo. Para los archivos xls, se ejecutar\u00e1 el script diff-xls.js usando wscript, que abrir\u00e1 los dos archivos para su an\u00e1lisis sin ninguna advertencia de seguridad de macro. Un atacante puede explotar esto colocando un virus macro en una unidad de red y forzando a la v\u00edctima a abrir los libros de trabajo y ejecutar la macro en su interior." 
} ], "id": "CVE-2019-14422", "lastModified": "2024-11-21T04:26:43.360", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-15T17:15:13.473", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/7" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.vulnerability-lab.com/get_content.php?id=2188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.vulnerability-lab.com/get_content.php?id=2188" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-08-28 18:17
Modified
2025-04-09 00:30
Severity: 6.0 MEDIUM (CVSS 2.0, AV:N/AC:M/Au:S/C:P/I:P/A:P). Source: nvd@nist.gov.
Summary
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://crisp.cs.du.edu/?q=node/36 | ||
secalert@redhat.com | http://osvdb.org/40118 | ||
secalert@redhat.com | http://osvdb.org/40119 | ||
secalert@redhat.com | http://secunia.com/advisories/26625 | Patch, Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/26632 | Patch, Vendor Advisory | |
secalert@redhat.com | http://securitytracker.com/id?1018617 | ||
secalert@redhat.com | http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941 | Patch | |
secalert@redhat.com | http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413 | ||
secalert@redhat.com | http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413 | ||
secalert@redhat.com | http://tortoisesvn.net/node/291 | Patch | |
secalert@redhat.com | http://www.securityfocus.com/bid/25468 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2007/3003 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2007/3004 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/36312 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://crisp.cs.du.edu/?q=node/36 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/40118 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/40119 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26625 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26632 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1018617 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://tortoisesvn.net/node/291 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25468 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3003 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3004 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/36312 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
subversion | subversion | * (through 1.4.4, Windows) | |
tortoisesvn | tortoisesvn | * (through 1.4.4, Windows) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:subversion:subversion:*:*:windows:*:*:*:*:*", "matchCriteriaId": "1990E01B-99A1-4E5F-B84E-466B654B518B", "versionEndIncluding": "1.4.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tortoisesvn:tortoisesvn:*:*:windows:*:*:*:*:*", "matchCriteriaId": "AB68E39A-869E-469E-88AB-6B4786CAA85C", "versionEndIncluding": "1.4.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\\ (dot dot backslash) sequence in the filename, as stored in the file repository." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en Subversion anterior a 1.4.5, utilizado en TortoiseSVN anterior a 1.4.5 y posiblemente otros productos, cuando se ejecuta en sistemas basados en Windows, permite a usuarios autenticados remotamente sobrescribir y crear archivos de su elecci\u00f3n mediante una secuencia ..\\ (punto punto barra invertida) en el nombre de archivo, almacenado en el repositorio de archivos." 
} ], "id": "CVE-2007-3846", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-08-28T18:17:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://crisp.cs.du.edu/?q=node/36" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/40118" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/40119" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26625" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26632" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1018617" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941" }, { "source": "secalert@redhat.com", "url": "http://subversion.tigris.org/servlets/ReadMsg?list=users\u0026msgNo=69413" }, { "source": "secalert@redhat.com", "url": "http://subversion.tigris.org/servlets/ReadMsg?list=users\u0026msgNo=69413" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://tortoisesvn.net/node/291" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/25468" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/3003" }, { "source": "secalert@redhat.com", "url": 
"http://www.vupen.com/english/advisories/2007/3004" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://crisp.cs.du.edu/?q=node/36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40118" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26625" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26632" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://subversion.tigris.org/servlets/ReadMsg?list=users\u0026msgNo=69413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://subversion.tigris.org/servlets/ReadMsg?list=users\u0026msgNo=69413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://tortoisesvn.net/node/291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3003" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36312" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }