Lucene search

[email protected]CVE-2009-0240

HistoryJan 21, 2009 - 2:30 a.m.

CVE-2009-0240

2009-01-2102:30:00

CWE-264

[email protected]

web.nvd.nist.gov

websvn

listing.php

remote file read

cve-2009-0240

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.4%

JSON

listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.

Affected configurations

NVD

Node

tigriswebsvnMatch2.0

CPENameOperatorVersion
tigris:websvntigris websvneq2.0

CPE	Name	Operator	Version
tigris:websvn	tigris websvn	eq	2.0

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=512191

secunia.com/advisories/32338

secunia.com/advisories/33945

secunia.com/advisories/34191

www.debian.org/security/2009/dsa-1725

www.gentoo.org/security/en/glsa/glsa-200903-20.xml

www.openwall.com/lists/oss-security/2009/01/18/2

exchange.xforce.ibmcloud.com/vulnerabilities/48171

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.4%

JSON

Related for CVE-2009-0240

openvas8 securityvulns4 cvelist1 nvd1 seebug1 prion1 ubuntucve1 debian1 nessus3 gentoo1 freebsd1