Vulnerability Description
listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.
CVSS Score
3.5
LOW
AV:N/AC:M/Au:S/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tigris | Websvn | 2.0 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512191
- http://secunia.com/advisories/32338Vendor Advisory
- http://secunia.com/advisories/33945
- http://secunia.com/advisories/34191
- http://www.debian.org/security/2009/dsa-1725
- http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml
- http://www.openwall.com/lists/oss-security/2009/01/18/2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48171
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512191
- http://secunia.com/advisories/32338Vendor Advisory
- http://secunia.com/advisories/33945
- http://secunia.com/advisories/34191
- http://www.debian.org/security/2009/dsa-1725
- http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml
- http://www.openwall.com/lists/oss-security/2009/01/18/2
FAQ
What is CVE-2009-0240?
CVE-2009-0240 is a vulnerability with a CVSS score of 3.5 (LOW). listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.
How severe is CVE-2009-0240?
CVE-2009-0240 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0240?
Check the references section above for vendor advisories and patch information. Affected products include: Tigris Websvn.