CVE-2017-9800

CVE Details

Release Date:2017-08-10

Description


A maliciously constructed svn+ssh:// URL would cause Subversionclients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

See more information about CVE-2017-9800 from MITRE CVE dictionary and NIST NVD


CVSS v2 metrics


NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score:7.5 Base Metrics:AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: Network Confidentiality Impact: Partial
Access Impact: Low Integrity Impact: Partial
Authentication: None required Availability Impact: Partial

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (subversion)ELSA-2017-24802017-08-15



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete