CVE-2017-9800

Published Aug 11, 2017

Last updated a year ago

CVSS critical 9.8

Overview

Description: A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.
Source: security@apache.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C10F0402-14B0-4870-91A0-53BA3200B2B1",
            "versionEndIncluding": "1.8.18"
          },
          {
            "criteria": "cpe:2.3:a:apache:subversion:1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "892FF423-1848-4E69-8C4C-E1972B656196"
          },
          {
            "criteria": "cpe:2.3:a:apache:subversion:1.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9ACF37C7-8752-4A8F-B7E3-2E813C4A0DF0"
          },
          {
            "criteria": "cpe:2.3:a:apache:subversion:1.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74200C33-9505-48EB-964D-6CA28C7F6DB8"
          },
          {
            "criteria": "cpe:2.3:a:apache:subversion:1.9.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09FBAFE7-986D-4B24-8122-FDCC380331C9"
          },
          {
            "criteria": "cpe:2.3:a:apache:subversion:1.9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32B6148E-3E5F-4DCB-BD8E-45B3D56CB18C"
          },
          {
            "criteria": "cpe:2.3:a:apache:subversion:1.9.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA37FBDF-C9BD-4D8F-B24A-CC35DF7EE7FA"
          },
          {
            "criteria": "cpe:2.3:a:apache:subversion:1.9.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E228BEF8-CACB-46DF-816B-ECCB406DFB60"
          },
          {
            "criteria": "cpe:2.3:a:apache:subversion:1.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDEDF94B-8B94-43AD-8DA7-580EF40CAD26"
          },
          {
            "criteria": "cpe:2.3:a:apache:subversion:1.10.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8053093C-E4F4-411B-A4B7-1728E40E7D89"
          },
          {
            "criteria": "cpe:2.3:a:apache:subversion:1.10.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6997704A-5C87-47B7-BF17-5C0F43642065"
          },
          {
            "criteria": "cpe:2.3:a:apache:subversion:1.10.0:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1E5C581-41D7-4694-A050-5455D6C8BB74"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References