FreeBSD Local Security Checks : FreeBSD Ports: websvn

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63358

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: websvn

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: websvn

CVE-2008-5918
Cross-site scripting (XSS) vulnerability in the
getParameterisedSelfUrl function in index.php in WebSVN 2.0 and
earlier allows remote attackers to inject arbitrary web script or HTML
via the PATH_INFO.

CVE-2008-5919
Directory traversal vulnerability in rss.php in WebSVN 2.0 and
earlier, when magic_quotes_gpc is disabled, allows remote attackers to
overwrite arbitrary files via directory traversal sequences in the rev
parameter.

CVE-2009-0240
listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN
authz file, allows remote authenticated users to read changelogs or
diffs for restricted projects via a modified repname parameter.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5918
BugTraq ID: 31891
http://www.securityfocus.com/bid/31891
https://www.exploit-db.com/exploits/6822
http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml
http://www.gulftech.org/?node=research&article_id=00132-10202008
http://secunia.com/advisories/32338
http://secunia.com/advisories/34191
http://securityreason.com/securityalert/4928
XForce ISS Database: websvn-index-xss(46048)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46048
Common Vulnerability Exposure (CVE) ID: CVE-2008-5919
XForce ISS Database: websvn-rss-directory-traversal(46050)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46050
Common Vulnerability Exposure (CVE) ID: CVE-2009-0240
Debian Security Information: DSA-1725 (Google Search)
http://www.debian.org/security/2009/dsa-1725
http://www.openwall.com/lists/oss-security/2009/01/18/2
http://secunia.com/advisories/33945
XForce ISS Database: websvn-listing-information-disclosure(48171)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48171

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63358
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: websvn
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: websvn CVE-2008-5918 Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. CVE-2008-5919 Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter. CVE-2009-0240 listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5918 BugTraq ID: 31891 http://www.securityfocus.com/bid/31891 https://www.exploit-db.com/exploits/6822 http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml http://www.gulftech.org/?node=research&article_id=00132-10202008 http://secunia.com/advisories/32338 http://secunia.com/advisories/34191 http://securityreason.com/securityalert/4928 XForce ISS Database: websvn-index-xss(46048) https://exchange.xforce.ibmcloud.com/vulnerabilities/46048 Common Vulnerability Exposure (CVE) ID: CVE-2008-5919 XForce ISS Database: websvn-rss-directory-traversal(46050) https://exchange.xforce.ibmcloud.com/vulnerabilities/46050 Common Vulnerability Exposure (CVE) ID: CVE-2009-0240 Debian Security Information: DSA-1725 (Google Search) http://www.debian.org/security/2009/dsa-1725 http://www.openwall.com/lists/oss-security/2009/01/18/2 http://secunia.com/advisories/33945 XForce ISS Database: websvn-listing-information-disclosure(48171) https://exchange.xforce.ibmcloud.com/vulnerabilities/48171
Copyright	Copyright (C) 2009 E-Soft Inc.