Web application abuses : WebSVN < 2.1.0 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900441

Categoría: Web application abuses

Título: WebSVN < 2.1.0 Multiple Vulnerabilities

Resumen: WebSVN is prone to multiple vulnerabilities.

Descripción: Summary:
WebSVN is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- input passed in the URL to index.php is not properly sanitised before being returned to the
user.

- input passed to the rev parameter in rss.php is not properly sanitised before being used, when
magic_quotes_gpc is disable.

- restricted access to the repositories is not properly enforced.

Vulnerability Impact:
Successful exploitation may let the attacker execute arbitrary
code in the context of the web application, execute cross-site scripting attacks or gain
sensitive information.

Affected Software/OS:
WebSVN version prior to version 2.1.0.

Solution:
Update to version 2.1.0 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5918
BugTraq ID: 31891
http://www.securityfocus.com/bid/31891
https://www.exploit-db.com/exploits/6822
http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml
http://www.gulftech.org/?node=research&article_id=00132-10202008
http://secunia.com/advisories/32338
http://secunia.com/advisories/34191
http://securityreason.com/securityalert/4928
XForce ISS Database: websvn-index-xss(46048)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46048
Common Vulnerability Exposure (CVE) ID: CVE-2008-5919
XForce ISS Database: websvn-rss-directory-traversal(46050)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46050
Common Vulnerability Exposure (CVE) ID: CVE-2008-5920
XForce ISS Database: websvn-createanchors-code-execution(48168)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48168
Common Vulnerability Exposure (CVE) ID: CVE-2009-0240
Debian Security Information: DSA-1725 (Google Search)
http://www.debian.org/security/2009/dsa-1725
http://www.openwall.com/lists/oss-security/2009/01/18/2
http://secunia.com/advisories/33945
XForce ISS Database: websvn-listing-information-disclosure(48171)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48171

Copyright Copyright (C) 2009 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900441
Categoría:	Web application abuses
Título:	WebSVN < 2.1.0 Multiple Vulnerabilities
Resumen:	WebSVN is prone to multiple vulnerabilities.
Descripción:	Summary: WebSVN is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - input passed in the URL to index.php is not properly sanitised before being returned to the user. - input passed to the rev parameter in rss.php is not properly sanitised before being used, when magic_quotes_gpc is disable. - restricted access to the repositories is not properly enforced. Vulnerability Impact: Successful exploitation may let the attacker execute arbitrary code in the context of the web application, execute cross-site scripting attacks or gain sensitive information. Affected Software/OS: WebSVN version prior to version 2.1.0. Solution: Update to version 2.1.0 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5918 BugTraq ID: 31891 http://www.securityfocus.com/bid/31891 https://www.exploit-db.com/exploits/6822 http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml http://www.gulftech.org/?node=research&article_id=00132-10202008 http://secunia.com/advisories/32338 http://secunia.com/advisories/34191 http://securityreason.com/securityalert/4928 XForce ISS Database: websvn-index-xss(46048) https://exchange.xforce.ibmcloud.com/vulnerabilities/46048 Common Vulnerability Exposure (CVE) ID: CVE-2008-5919 XForce ISS Database: websvn-rss-directory-traversal(46050) https://exchange.xforce.ibmcloud.com/vulnerabilities/46050 Common Vulnerability Exposure (CVE) ID: CVE-2008-5920 XForce ISS Database: websvn-createanchors-code-execution(48168) https://exchange.xforce.ibmcloud.com/vulnerabilities/48168 Common Vulnerability Exposure (CVE) ID: CVE-2009-0240 Debian Security Information: DSA-1725 (Google Search) http://www.debian.org/security/2009/dsa-1725 http://www.openwall.com/lists/oss-security/2009/01/18/2 http://secunia.com/advisories/33945 XForce ISS Database: websvn-listing-information-disclosure(48171) https://exchange.xforce.ibmcloud.com/vulnerabilities/48171
Copyright	Copyright (C) 2009 Greenbone Networks GmbH