Vulnerability-Lookup

CVE-2010-3315 (GCVE-0-2010-3315)

Vulnerability from cvelistv5 – Published: 2010-10-04 20:00 – Updated: 2024-08-07 03:03

Summary

authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/41652	third-party-advisoryx_refsource_SECUNIA
	http://subversion.apache.org/security/CVE-2010-33…	x_refsource_CONFIRM
	http://security-tracker.debian.org/tracker/CVE-20…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/0264	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.debian.org/security/2010/dsa-2118	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/43346	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2011-02…	vendor-advisoryx_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-1053-1	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/43139	third-party-advisoryx_refsource_SECUNIA
	http://support.apple.com/kb/HT4581	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:03:18.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:19007",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007"
          },
          {
            "name": "41652",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41652"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://subversion.apache.org/security/CVE-2010-3315-advisory.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security-tracker.debian.org/tracker/CVE-2010-3315"
          },
          {
            "name": "ADV-2011-0264",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0264"
          },
          {
            "name": "APPLE-SA-2011-03-21-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
          },
          {
            "name": "DSA-2118",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2118"
          },
          {
            "name": "43346",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43346"
          },
          {
            "name": "RHSA-2011:0258",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0258.html"
          },
          {
            "name": "USN-1053-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1053-1"
          },
          {
            "name": "SUSE-SR:2010:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
          },
          {
            "name": "MDVSA-2010:199",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:199"
          },
          {
            "name": "43139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43139"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4581"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:19007",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007"
        },
        {
          "name": "41652",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41652"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://subversion.apache.org/security/CVE-2010-3315-advisory.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security-tracker.debian.org/tracker/CVE-2010-3315"
        },
        {
          "name": "ADV-2011-0264",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0264"
        },
        {
          "name": "APPLE-SA-2011-03-21-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
        },
        {
          "name": "DSA-2118",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2118"
        },
        {
          "name": "43346",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43346"
        },
        {
          "name": "RHSA-2011:0258",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0258.html"
        },
        {
          "name": "USN-1053-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1053-1"
        },
        {
          "name": "SUSE-SR:2010:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
        },
        {
          "name": "MDVSA-2010:199",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:199"
        },
        {
          "name": "43139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43139"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4581"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-3315",
    "datePublished": "2010-10-04T20:00:00.000Z",
    "dateReserved": "2010-09-13T00:00:00.000Z",
    "dateUpdated": "2024-08-07T03:03:18.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2010-3315

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-3315

Aliases

CVE-2010-3315

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-3315",
    "description": "authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.",
    "id": "GSD-2010-3315",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-3315.html",
      "https://www.debian.org/security/2010/dsa-2118",
      "https://access.redhat.com/errata/RHSA-2011:0258",
      "https://linux.oracle.com/cve/CVE-2010-3315.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-3315"
      ],
      "details": "authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.",
      "id": "GSD-2010-3315",
      "modified": "2023-12-13T01:21:34.301889Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2010-3315",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
          },
          {
            "name": "http://support.apple.com/kb/HT4581",
            "refsource": "MISC",
            "url": "http://support.apple.com/kb/HT4581"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
          },
          {
            "name": "http://secunia.com/advisories/43139",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/43139"
          },
          {
            "name": "http://secunia.com/advisories/43346",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/43346"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2011-0258.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0258.html"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-1053-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1053-1"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2011/0264",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2011/0264"
          },
          {
            "name": "http://secunia.com/advisories/41652",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/41652"
          },
          {
            "name": "http://security-tracker.debian.org/tracker/CVE-2010-3315",
            "refsource": "MISC",
            "url": "http://security-tracker.debian.org/tracker/CVE-2010-3315"
          },
          {
            "name": "http://subversion.apache.org/security/CVE-2010-3315-advisory.txt",
            "refsource": "MISC",
            "url": "http://subversion.apache.org/security/CVE-2010-3315-advisory.txt"
          },
          {
            "name": "http://www.debian.org/security/2010/dsa-2118",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2010/dsa-2118"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:199",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:199"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-3315"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-16"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://security-tracker.debian.org/tracker/CVE-2010-3315",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://security-tracker.debian.org/tracker/CVE-2010-3315"
            },
            {
              "name": "http://subversion.apache.org/security/CVE-2010-3315-advisory.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://subversion.apache.org/security/CVE-2010-3315-advisory.txt"
            },
            {
              "name": "41652",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/41652"
            },
            {
              "name": "MDVSA-2010:199",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:199"
            },
            {
              "name": "DSA-2118",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2010/dsa-2118"
            },
            {
              "name": "SUSE-SR:2010:024",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
            },
            {
              "name": "ADV-2011-0264",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0264"
            },
            {
              "name": "USN-1053-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1053-1"
            },
            {
              "name": "43139",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/43139"
            },
            {
              "name": "RHSA-2011:0258",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0258.html"
            },
            {
              "name": "43346",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/43346"
            },
            {
              "name": "http://support.apple.com/kb/HT4581",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4581"
            },
            {
              "name": "APPLE-SA-2011-03-21-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
            },
            {
              "name": "oval:org.mitre.oval:def:19007",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-19T01:31Z",
      "publishedDate": "2010-10-04T21:00Z"
    }
  }
}

CERTA-2011-AVI-162

Vulnerability from certfr_avis - Published: 2011-03-22 - Updated: 2011-03-22

De nombreuses vulnérabilités ont été corrigées dans Mac OS X. Leur exploitation permet, entre autres, l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Mac OS X, notamment :

Airport ;
AppleScript ;
ATS ;
CarbonCore ;
CoreText ;
File Quarantine ;
HFS ;
ImageIO ;
ImageRaw ;
Installer ;
Kernel ;
Libinfo ;
Libxml ;
QuickLook ;
QuickTime ;
Terminal.

Cette mise à jour corrige également un grand nombre de vulnérabilités dans des logiciels inclus au système d'exploitation comme Apache, ClamAV, Kerberos, Mailman, PHP, Ruby, Samba, Subversion et X11. Parmi les failles corrigées, certaines permettent l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X 10.5.8 ;
N/A	N/A	Mac OS X Server 10.6.x.
N/A	N/A	Mac OS X Server 10.5.8 ;
N/A	N/A	Mac OS X 10.6.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4581 du 21 mars 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Mac OS X, notamment :\n\n-   Airport ;\n-   AppleScript ;\n-   ATS ;\n-   CarbonCore ;\n-   CoreText ;\n-   File Quarantine ;\n-   HFS ;\n-   ImageIO ;\n-   ImageRaw ;\n-   Installer ;\n-   Kernel ;\n-   Libinfo ;\n-   Libxml ;\n-   QuickLook ;\n-   QuickTime ;\n-   Terminal.\n\nCette mise \u00e0 jour corrige \u00e9galement un grand nombre de vuln\u00e9rabilit\u00e9s\ndans des logiciels inclus au syst\u00e8me d\u0027exploitation comme Apache,\nClamAV, Kerberos, Mailman, PHP, Ruby, Samba, Subversion et X11. Parmi\nles failles corrig\u00e9es, certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0170"
    },
    {
      "name": "CVE-2010-3089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3089"
    },
    {
      "name": "CVE-2010-3870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3870"
    },
    {
      "name": "CVE-2011-0187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0187"
    },
    {
      "name": "CVE-2010-3709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3709"
    },
    {
      "name": "CVE-2010-4020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4020"
    },
    {
      "name": "CVE-2011-0172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0172"
    },
    {
      "name": "CVE-2011-0181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0181"
    },
    {
      "name": "CVE-2011-0192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
    },
    {
      "name": "CVE-2010-3710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3710"
    },
    {
      "name": "CVE-2011-0183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0183"
    },
    {
      "name": "CVE-2010-4494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4494"
    },
    {
      "name": "CVE-2011-0182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0182"
    },
    {
      "name": "CVE-2010-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2068"
    },
    {
      "name": "CVE-2010-1452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1452"
    },
    {
      "name": "CVE-2010-4021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4021"
    },
    {
      "name": "CVE-2011-0173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0173"
    },
    {
      "name": "CVE-2010-0405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0405"
    },
    {
      "name": "CVE-2010-2950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2950"
    },
    {
      "name": "CVE-2011-0191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0191"
    },
    {
      "name": "CVE-2011-0186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0186"
    },
    {
      "name": "CVE-2011-0178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0178"
    },
    {
      "name": "CVE-2010-3802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3802"
    },
    {
      "name": "CVE-2010-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4409"
    },
    {
      "name": "CVE-2011-0190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0190"
    },
    {
      "name": "CVE-2011-1417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1417"
    },
    {
      "name": "CVE-2010-3801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3801"
    },
    {
      "name": "CVE-2010-4479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4479"
    },
    {
      "name": "CVE-2011-0188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0188"
    },
    {
      "name": "CVE-2010-3814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3814"
    },
    {
      "name": "CVE-2010-3855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3855"
    },
    {
      "name": "CVE-2011-0180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0180"
    },
    {
      "name": "CVE-2010-1324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1324"
    },
    {
      "name": "CVE-2011-0174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0174"
    },
    {
      "name": "CVE-2011-0189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0189"
    },
    {
      "name": "CVE-2006-7243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7243"
    },
    {
      "name": "CVE-2010-4261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4261"
    },
    {
      "name": "CVE-2010-3434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3434"
    },
    {
      "name": "CVE-2010-4260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4260"
    },
    {
      "name": "CVE-2010-3315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3315"
    },
    {
      "name": "CVE-2011-0184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0184"
    },
    {
      "name": "CVE-2011-0179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0179"
    },
    {
      "name": "CVE-2010-3069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3069"
    },
    {
      "name": "CVE-2011-0177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0177"
    },
    {
      "name": "CVE-2010-1323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1323"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2010-3436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3436"
    },
    {
      "name": "CVE-2011-0194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0194"
    },
    {
      "name": "CVE-2011-0175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0175"
    },
    {
      "name": "CVE-2010-4150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4150"
    },
    {
      "name": "CVE-2011-0193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0193"
    },
    {
      "name": "CVE-2011-0176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0176"
    },
    {
      "name": "CVE-2010-4009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4009"
    }
  ],
  "initial_release_date": "2011-03-22T00:00:00",
  "last_revision_date": "2011-03-22T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-162",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-03-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Leur\nexploitation permet, entre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4581 du 21 mars 2011",
      "url": "http://support.apple.com/kb/HT4581"
    }
  ]
}

CERTA-2011-AVI-056

Vulnerability from certfr_avis - Published: 2011-02-04 - Updated: 2011-02-04

Plusieurs vulnérabilités, présentes dans Apache Subversion, permettent à un utilisateur malveillant de contourner la politique de sécurité ou de provoquer un déni de service à distance.

Description

Deux vulnérabilités dans Apache Subversion permettent à un utilisateur authentifié de contourner des restrictions d'accès et d'obtenir des informations sans y être autorisé.

Deux autres vulnérabilités permettent à un utilisateur distant authentifié de provoquer un déni de service par le biais d'une corruption de la mémoire ou d'un épuisement de ressources système.

Solution

La version Apache Subversion 1.6.15 remédie à ces vulnérabilités.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apache Subversion, versions antérieures à la version 1.6.15.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Liste des changements apporté par la version 1.6.15 d'Apache Subversion du 26 novembre 2010	None	vendor-advisory
Bulletin de sécurité Mandriva MDVSA-2011:006 du 14 janvier 2011 :	-	other
Bulletin de sécurité Fedora FEDORA-2011-0099 du 18 janvier 2011 :	-	other
Bulletin de sécurité Ubuntu USN-1053-1 du 01 février 2011 :	-	other
Liste des changements apportés par la version 1.6.15 d'Apache Subversion du 26 novembre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eApache Subversion, versions ant\u00e9rieures  \u00e0 la version 1.6.15.\u003c/p\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s dans Apache Subversion permettent \u00e0 un utilisateur\nauthentifi\u00e9 de contourner des restrictions d\u0027acc\u00e8s et d\u0027obtenir des\ninformations sans y \u00eatre autoris\u00e9.\n\nDeux autres vuln\u00e9rabilit\u00e9s permettent \u00e0 un utilisateur distant\nauthentifi\u00e9 de provoquer un d\u00e9ni de service par le biais d\u0027une\ncorruption de la m\u00e9moire ou d\u0027un \u00e9puisement de ressources syst\u00e8me.\n\n## Solution\n\nLa version Apache Subversion 1.6.15 rem\u00e9die \u00e0 ces vuln\u00e9rabilit\u00e9s.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2448"
    },
    {
      "name": "CVE-2010-4539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4539"
    },
    {
      "name": "CVE-2010-4644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4644"
    },
    {
      "name": "CVE-2010-3315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3315"
    }
  ],
  "initial_release_date": "2011-02-04T00:00:00",
  "last_revision_date": "2011-02-04T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2011:006 du 14 janvier    2011 :",
      "url": "http://www.mandriva.com/archives/security/advisories/?name=MDVSA-2011:006"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-0099 du 18 janvier    2011 :",
      "url": "http://http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1053-1 du 01 f\u00e9vrier 2011 :",
      "url": "http://www.ubuntu.com/usn/usn-1053-1"
    },
    {
      "title": "Liste des changements apport\u00e9s par la version 1.6.15    d\u0027Apache Subversion du 26 novembre 2010 :",
      "url": "http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES"
    }
  ],
  "reference": "CERTA-2011-AVI-056",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s, pr\u00e9sentes dans Apache Subversion, permettent \u00e0\nun utilisateur malveillant de contourner la politique de s\u00e9curit\u00e9 ou de\nprovoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Apache Subversion",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Liste des changements apport\u00e9 par la version 1.6.15 d\u0027Apache Subversion du 26 novembre 2010",
      "url": null
    }
  ]
}

FKIE_CVE-2010-3315

Vulnerability from fkie_nvd - Published: 2010-10-04 21:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
secalert@redhat.com	http://secunia.com/advisories/41652	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/43139
secalert@redhat.com	http://secunia.com/advisories/43346
secalert@redhat.com	http://security-tracker.debian.org/tracker/CVE-2010-3315
secalert@redhat.com	http://subversion.apache.org/security/CVE-2010-3315-advisory.txt	Patch
secalert@redhat.com	http://support.apple.com/kb/HT4581
secalert@redhat.com	http://www.debian.org/security/2010/dsa-2118
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:199
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2011-0258.html
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1053-1
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0264
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/41652	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43139
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43346
af854a3a-2127-422b-91ae-364da2661108	http://security-tracker.debian.org/tracker/CVE-2010-3315
af854a3a-2127-422b-91ae-364da2661108	http://subversion.apache.org/security/CVE-2010-3315-advisory.txt	Patch
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4581
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-2118
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:199
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0258.html
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1053-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0264
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007

Impacted products

Vendor	Product	Version
apache	subversion	1.6.0
apache	subversion	1.6.1
apache	subversion	1.6.2
apache	subversion	1.6.3
apache	subversion	1.6.4
apache	subversion	1.6.5
apache	subversion	1.6.6
apache	subversion	1.6.7
apache	subversion	1.6.8
apache	subversion	1.6.9
apache	subversion	1.6.10
apache	subversion	1.6.11
apache	subversion	1.6.12
apache	subversion	1.5.0
apache	subversion	1.5.1
apache	subversion	1.5.2
apache	subversion	1.5.3
apache	subversion	1.5.4
apache	subversion	1.5.5
apache	subversion	1.5.6
apache	subversion	1.5.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F34F463-6350-4F48-B037-856DDBB1A4FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2C813BA-B8F9-446B-A07F-B51F26815578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF4080D-0D95-429E-88AA-1051A5520C01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF50F098-A055-4B79-AC35-6BD6F32D70F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "540461D4-87F4-42AB-ADDC-C7A067FE2893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E676744-C623-4894-8764-43588E56D2FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "669735D1-1C14-4CD7-AA7C-AD2CA63A1979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C568FD-54BC-4506-AF60-BFE7CE14D0F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F71F24-D909-49D9-8B4F-FA757FDF1C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "034D1C36-B73E-443E-A6B4-44CC6E7BC043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D373245-8384-45E4-BE2E-E0518BD7F84F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED44413-D313-4588-9A4B-25F79D0925A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C193EB08-BBC2-43A2-B11A-9C7E2098862D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B0CB798-F4ED-44E5-9B15-B7009EAC6303",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC3F6E5C-CF55-4CEB-A5B6-D49E0234FF3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2C1DD29-88D2-49DE-9B77-D925A4B9EB7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "67130DAF-AE81-43D2-A208-58A53746A7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB9F8426-38CB-46B4-B0D0-8D16B48DD53F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "90631FFA-9AB2-483D-B162-31A47428D280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BD5A981-3FDD-4E74-8EB2-5F324246FFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "88F4E8C9-671B-4DA3-9D0D-98539D8D4FE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands."
    },
    {
      "lang": "es",
      "value": "authz.c del m\u00f3dulo mod_dav_svn del servidor HTTP Apache, como se ha distribu\u00eddo en Apache Subversion v1.5.x anteriores a la v1.5.8 y v1.6.x anteriores a la v1.6.13, cuando SVNPathAuthz short_circuit est\u00e1 activo, no maneja apropiadamente un repositorio con nombre como una regla de alcance, lo que permite a usuarios autenticados remotos evitar las restricciones previstas a trav\u00e9s de comandos svn."
    }
  ],
  "id": "CVE-2010-3315",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-10-04T21:00:04.063",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41652"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43139"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43346"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security-tracker.debian.org/tracker/CVE-2010-3315"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://subversion.apache.org/security/CVE-2010-3315-advisory.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT4581"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2118"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:199"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0258.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1053-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0264"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security-tracker.debian.org/tracker/CVE-2010-3315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://subversion.apache.org/security/CVE-2010-3315-advisory.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0258.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1053-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-RWPR-66P9-2829

Vulnerability from github – Published: 2022-05-17 01:04 – Updated: 2022-05-17 01:04

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-3315"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-10-04T21:00:00Z",
    "severity": "MODERATE"
  },
  "details": "authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.",
  "id": "GHSA-rwpr-66p9-2829",
  "modified": "2022-05-17T01:04:01Z",
  "published": "2022-05-17T01:04:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3315"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/41652"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43139"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43346"
    },
    {
      "type": "WEB",
      "url": "http://security-tracker.debian.org/tracker/CVE-2010-3315"
    },
    {
      "type": "WEB",
      "url": "http://subversion.apache.org/security/CVE-2010-3315-advisory.txt"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4581"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-2118"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:199"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0258.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1053-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0264"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-3315 (GCVE-0-2010-3315)

GSD-2010-3315

CERTA-2011-AVI-162

Description

Solution

CERTA-2011-AVI-056

Description

Solution

FKIE_CVE-2010-3315

GHSA-RWPR-66P9-2829

Tags

Sightings

Nomenclature