Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-0240 | First vendor Publication | 2009-01-20 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:S/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 3.5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0240 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:13516 | |||
| Oval ID: | oval:org.mitre.oval:def:13516 | ||
| Title: | DSA-1725-1 websvn -- programming error | ||
| Description: | Bas van Schaik discovered that WebSVN, a tool to view Subversion repositories over the web, did not properly restrict access to private repositories, allowing a remote attacker to read significant parts of their content. The old stable distribution is not affected by this problem. For the stable distribution, this problem has been fixed in version 2.0-4+lenny1. For the unstable distribution, this problem has also been fixed in version 2.0-4+lenny1. We recommend that you upgrade your websvn package. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1725-1 CVE-2009-0240 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | websvn |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-03-20 | Name : Debian Security Advisory DSA 1725-1 (websvn) File : nvt/deb_1725_1.nasl |
| 2009-03-13 | Name : Gentoo Security Advisory GLSA 200903-20 (websvn) File : nvt/glsa_200903_20.nasl |
| 2009-02-13 | Name : FreeBSD Ports: websvn File : nvt/freebsd_websvn.nasl |
| 2009-01-23 | Name : WebSVN Script Multiple Vulnerabilities File : nvt/secpod_websvn_mult_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 51611 | WebSVN listing.php repname Parameter Remote File Access |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-03-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-20.nasl - Type : ACT_GATHER_INFO |
| 2009-02-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1725.nasl - Type : ACT_GATHER_INFO |
| 2009-02-09 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_71597e3ef6b811dd94d90030843d3802.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:12:27 |
|
| 2024-11-28 12:18:08 |
|
| 2021-05-04 12:09:02 |
|
| 2021-04-22 01:09:23 |
|
| 2020-05-23 00:23:15 |
|
| 2017-08-08 09:24:39 |
|
| 2016-04-26 18:34:31 |
|
| 2014-02-17 10:48:31 |
|
| 2013-05-10 23:42:53 |
|
