Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5919

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-5919
Last Modified 19 Mar 2009 01:48:27
Published 20 Jan 2009 09:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5919

Summary

Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.

Vulnerable Systems

Application

  • Tigris Websvn 1.00

  • Tigris Websvn 1.01

  • Tigris Websvn 1.02

  • Tigris Websvn 1.03

  • Tigris Websvn 1.04

  • Tigris Websvn 1.10

  • Tigris Websvn 1.20

  • Tigris Websvn 1.31a

  • Tigris Websvn 1.32

  • Tigris Websvn 1.33

  • Tigris Websvn 1.34

  • Tigris Websvn 1.37

  • Tigris Websvn 1.38

  • Tigris Websvn 1.39

  • Tigris Websvn 1.40

  • Tigris Websvn 1.51

  • Tigris Websvn 1.60

  • Tigris Websvn 1.61

  • Tigris Websvn 1.62

  • Tigris Websvn 2.0


References

CONFIRM - http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218

XF - websvn-rss-directory-traversal(46050)

BID - 31891

MILW0RM - 6822

MISC - http://www.gulftech.org/?node=research&article_id=00132-10202008

GENTOO - GLSA-200903-20

CONFIRM - http://websvn.tigris.org/issues/show_bug.cgi?id=179

SREASON - 4928

SECUNIA - 34191

SECUNIA - 32338


Last Updated: 27 May 2016 10:48:58