[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

111017

 
 

909

 
 

86402

 
 

136

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2017-883 ---- subversion mod_dav_svn mod24_dav_svn

ID: oval:org.secpod.oval:def:1600761Date: (C)2017-09-21   (M)2018-05-06
Class: PATCHFamily: unix




Command injection through clients via malicious svn+ssh URLsA shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a "checkout" or "update" action on a malicious repository, or a legitimate repository containing a malicious commit

Platform:
Amazon Linux AMI
Product:
subversion
mod_dav_svn
mod24_dav_svn
Reference:
ALAS-2017-883
CVE-2017-9800
CVE    1
CVE-2017-9800
CPE    16
cpe:/a:apache:subversion:1.9.4
cpe:/a:apache:subversion:1.10.0:alpha1
cpe:/a:apache:subversion:1.10.0:alpha2
cpe:/a:apache:subversion:1.10.0:alpha3
...

© SecPod Technologies