fkie_nvd - fkie_cve-2013-2088

fkie_cve-2013-2088

Vulnerability from fkie_nvd

Published

2013-07-31 13:20

Modified

2025-04-11 00:51

Severity ?

Summary

contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.

References

URL	Tags
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html
secalert@redhat.com	http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E
secalert@redhat.com	http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18772
secalert@redhat.com	https://subversion.apache.org/security/CVE-2013-2088-advisory.txt	Vendor Advisory
secalert@redhat.com	https://www.exploit-db.com/exploits/40507/
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html
af854a3a-2127-422b-91ae-364da2661108	http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E
af854a3a-2127-422b-91ae-364da2661108	http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18772
af854a3a-2127-422b-91ae-364da2661108	https://subversion.apache.org/security/CVE-2013-2088-advisory.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/40507/

Impacted products

Vendor	Product	Version
apache	subversion	*
apache	subversion	1.6.0
apache	subversion	1.6.1
apache	subversion	1.6.2
apache	subversion	1.6.3
apache	subversion	1.6.4
apache	subversion	1.6.5
apache	subversion	1.6.6
apache	subversion	1.6.7
apache	subversion	1.6.8
apache	subversion	1.6.9
apache	subversion	1.6.10
apache	subversion	1.6.11
apache	subversion	1.6.12
apache	subversion	1.6.13
apache	subversion	1.6.14
apache	subversion	1.6.15
apache	subversion	1.6.16
apache	subversion	1.6.17
apache	subversion	1.6.18
apache	subversion	1.6.19
apache	subversion	1.6.20
collabnet	subversion	1.6.17
opensuse	opensuse	11.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB53A2F2-923F-4959-95D5-CBD665F68E64",
              "versionEndIncluding": "1.6.21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F34F463-6350-4F48-B037-856DDBB1A4FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2C813BA-B8F9-446B-A07F-B51F26815578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF4080D-0D95-429E-88AA-1051A5520C01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF50F098-A055-4B79-AC35-6BD6F32D70F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "540461D4-87F4-42AB-ADDC-C7A067FE2893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E676744-C623-4894-8764-43588E56D2FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "669735D1-1C14-4CD7-AA7C-AD2CA63A1979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C568FD-54BC-4506-AF60-BFE7CE14D0F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F71F24-D909-49D9-8B4F-FA757FDF1C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "034D1C36-B73E-443E-A6B4-44CC6E7BC043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D373245-8384-45E4-BE2E-E0518BD7F84F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED44413-D313-4588-9A4B-25F79D0925A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C193EB08-BBC2-43A2-B11A-9C7E2098862D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "022A5BCE-A1DC-48E2-829D-AD9261562095",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "155F83A1-A04A-48C0-A801-B38F129F310F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "302DC06D-5FB1-4EF9-B5E1-6407B88D65FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "27A15D05-29BA-4CCC-9348-A516E1E2C079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "2004B474-9869-445D-957D-20EF254FB461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F91A5E0-0DD8-47DD-B52E-A15E8064945F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C34BE8D-6DFF-4E57-971C-8CCEF13E6500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CDBC5BA-6A3C-4DB9-BE16-83A4EB85100C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:collabnet:subversion:1.6.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "473AAEA5-A18F-4BF7-8F70-57E0582AEC16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename."
    },
    {
      "lang": "es",
      "value": "contrib/hook-scripts/svn-keyword-check.pl en Subversion anterior a 1.6.23, permite a usuarios autenticados remotamente con permisos de \"commit\" la ejecuci\u00f3n de comandos arbitrarios a trav\u00e9s de metacaracteres shell en un nombre de archivo."
    }
  ],
  "id": "CVE-2013-2088",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-31T13:20:24.710",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18772"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://subversion.apache.org/security/CVE-2013-2088-advisory.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.exploit-db.com/exploits/40507/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://subversion.apache.org/security/CVE-2013-2088-advisory.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/40507/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-2088 (GCVE-0-2013-2088)

Vulnerability from cvelistv5

Published

2013-07-31 10:00