CVE-2007-3846
NONE EPSS 73.5%
Published Aug 28, 200718y ago · Modified Jun 16, 20262w ago
Published Aug 28, 2007 18y ago
Last Modified Jun 16, 2026 2w ago
Description
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.
Threat Intelligence
EPSS Exploit Probability
73.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
Affected Products 2
| Vendor | Product | Version | Range |
|---|---|---|---|
| subversion | subversion | * | ≤1.4.4 |
| tortoisesvn | tortoisesvn | * | ≤1.4.4 |
References 13
- crisp.cs.du.edu http://crisp.cs.du.edu/?q=node/36
- osvdb.org http://osvdb.org/40118
- osvdb.org http://osvdb.org/40119
- secunia.com http://secunia.com/advisories/26625
- secunia.com http://secunia.com/advisories/26632
- securitytracker.com http://securitytracker.com/id?1018617
- subversion.tigris.org http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941
- subversion.tigris.org http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413
- tortoisesvn.net http://tortoisesvn.net/node/291
- securityfocus.com http://www.securityfocus.com/bid/25468
- vupen.com http://www.vupen.com/english/advisories/2007/3003
- vupen.com http://www.vupen.com/english/advisories/2007/3004
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/36312
Remediation
- secunia.com http://secunia.com/advisories/26625
- secunia.com http://secunia.com/advisories/26632
- subversion.tigris.org http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941
- tortoisesvn.net http://tortoisesvn.net/node/291