Vulnerability Description
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Subversion | 1.8.0 |
Related Weaknesses (CWE)
References
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- https://subversion.apache.org/security/CVE-2013-4262-advisory.txtVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- https://subversion.apache.org/security/CVE-2013-4262-advisory.txtVendor Advisory
FAQ
What is CVE-2013-4262?
CVE-2013-4262 is a vulnerability with a CVSS score of 2.4 (LOW). svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this is...
How severe is CVE-2013-4262?
CVE-2013-4262 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4262?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Subversion.