CVE-2007-3846 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-3846
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3846

Description: Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/36312 ST 1018617 SAID Secunia Advisory: SA26625 Secunia Advisory: SA26632 OSVDB 40118 40119 MLIST http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413 MISC http://crisp.cs.du.edu/?q=node/36 CONFIRM http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413 http://tortoisesvn.net/node/291 http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941 BID 25468

Return to the previous page.