CVE-2007-2448
NONE EPSS 71.6%
Published Jun 14, 200719y ago · Modified Jun 16, 20262w ago
Published Jun 14, 2007 19y ago
Last Modified Jun 16, 2026 2w ago
Description
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.
Threat Intelligence
EPSS Exploit Probability
71.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| subversion | subversion | * | ≤1.4.3 |
References 9
- osvdb.org http://osvdb.org/36070
- secunia.com http://secunia.com/advisories/43139
- securitytracker.com http://securitytracker.com/id?1018237
- subversion.tigris.org http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt
- securityfocus.com http://www.securityfocus.com/bid/24463
- ubuntu.com http://www.ubuntu.com/usn/USN-1053-1
- vupen.com http://www.vupen.com/english/advisories/2007/2230
- vupen.com http://www.vupen.com/english/advisories/2011/0264
- issues.rpath.com https://issues.rpath.com/browse/RPL-1896
Remediation
- securitytracker.com http://securitytracker.com/id?1018237
- securityfocus.com http://www.securityfocus.com/bid/24463