WebSVN Script Multiple Vulnerabilities Network Vulnerability

Summary

This host is running WebSVN and is prone to Multiple Vulnerabilities. Vulnerability: Multiple flaws are due to, - input passed in the URL to index.php is not properly sanitised before being returned to the user. - input passed to the rev parameter in rss.php is not properly sanitised before being used, when magic_quotes_gpc is disable. - restricted access to the repositories is not properly enforced.

Impact

Successful exploitation will let the attacker execute arbitrary codes in the context of the web application and execute cross site scripting attacks and can gain sensitive information or can cause directory traversal attacks. Impact Level: Application

Solution

Upgrade to the latest version 2.1.0 http://websvn.tigris.org/servlets/ProjectDocumentList

Affected

WebSVN version prior to 2.1.0

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512191
http://secunia.com/advisories/32338

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-5918, CVE-2008-5919, CVE-2008-5920, CVE-2009-0240
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ASP-Dev XM Event Diary Multiple Vulnerabilities
ATutor password reminder SQL injection
Apple Safari RSS Feed Information Disclosure Vulnerability
Acidcat CMS Multiple Vulnerabilities
b2Evolution title SQL Injection

Take action and discover your vulnerabilities