Vulnerabilities > CVE-2010-3315 - Configuration vulnerability in Apache Subversion
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-199.NASL description A vulnerability was discovered and corrected in subversion : authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands (CVE-2010-3315). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 49967 published 2010-10-14 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49967 title Mandriva Linux Security Advisory : subversion (MDVSA-2010:199) NASL family Fedora Local Security Checks NASL id FEDORA_2010-16148.NASL description This update includes the latest stable release of Subversion, version 1.6.13. Subversion servers up to 1.6.12 (inclusive) making use of the last seen 2020-06-01 modified 2020-06-02 plugin id 50396 published 2010-10-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50396 title Fedora 14 : subversion-1.6.13-1.fc14 (2010-16148) NASL family Fedora Local Security Checks NASL id FEDORA_2010-16136.NASL description This update includes the latest stable release of Subversion, version 1.6.13. Subversion servers up to 1.6.12 (inclusive) making use of the last seen 2020-06-01 modified 2020-06-02 plugin id 50395 published 2010-10-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50395 title Fedora 13 : subversion-1.6.13-1.fc13 (2010-16136) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1053-1.NASL description It was discovered that Subversion incorrectly handled certain last seen 2020-06-01 modified 2020-06-02 plugin id 51846 published 2011-02-02 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51846 title Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : subversion vulnerabilities (USN-1053-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2118.NASL description Kamesh Jayachandran and C. Michael Pilat discovered that the mod_dav_svn module of Subversion, a version control system, is not properly enforcing access rules which are scope-limited to named repositories. If the SVNPathAuthz option is set to last seen 2020-06-01 modified 2020-06-02 plugin id 49815 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49815 title Debian DSA-2118-1 : subversion - logic flaw NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-0258.NASL description From Red Hat Security Advisory 2011:0258 : Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An access restriction bypass flaw was found in the mod_dav_svn module. If the SVNPathAuthz directive was set to last seen 2020-06-01 modified 2020-06-02 plugin id 68200 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68200 title Oracle Linux 6 : subversion (ELSA-2011-0258) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0258.NASL description Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An access restriction bypass flaw was found in the mod_dav_svn module. If the SVNPathAuthz directive was set to last seen 2020-06-01 modified 2020-06-02 plugin id 51995 published 2011-02-16 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51995 title RHEL 6 : subversion (RHSA-2011:0258) NASL family MacOS X Local Security Checks NASL id MACOSX_10_6_7.NASL description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.7. Mac OS X 10.6.7 contains security fixes for the following products : - AirPort - Apache - AppleScript - ATS - bzip2 - CarbonCore - ClamAV - CoreText - File Quarantine - HFS - ImageIO - Image RAW - Installer - Kerberos - Kernel - Libinfo - libxml - Mailman - PHP - QuickLook - QuickTime - Ruby - Samba - Subversion - Terminal - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 52754 published 2011-03-22 reporter This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52754 title Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_1_LIBSVN_AUTH_GNOME_KEYRING-1-0-101028.NASL description when using last seen 2020-06-01 modified 2020-06-02 plugin id 53679 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53679 title openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2010:1042-1) NASL family SuSE Local Security Checks NASL id SUSE_11_2_LIBSVN_AUTH_GNOME_KEYRING-1-0-101029.NASL description when using last seen 2020-06-01 modified 2020-06-02 plugin id 53758 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53758 title openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2010:1042-1) NASL family Scientific Linux Local Security Checks NASL id SL_20110215_SUBVERSION_ON_SL6_X.NASL description An access restriction bypass flaw was found in the mod_dav_svn module. If the SVNPathAuthz directive was set to last seen 2020-06-01 modified 2020-06-02 plugin id 60955 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60955 title Scientific Linux Security Update : subversion on SL6.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_3_LIBSVN_AUTH_GNOME_KEYRING-1-0-101029.NASL description when using last seen 2020-06-01 modified 2020-06-02 plugin id 75615 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75615 title openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2010:1042-1) NASL family Fedora Local Security Checks NASL id FEDORA_2010-16115.NASL description This update includes the latest stable release of Subversion, version 1.6.13. Subversion servers up to 1.6.12 (inclusive) making use of the last seen 2020-06-01 modified 2020-06-02 plugin id 50394 published 2010-10-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50394 title Fedora 12 : subversion-1.6.13-1.fc12.1 (2010-16115)
Oval
| accepted | 2015-05-04T04:00:13.707-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. | ||||||||
| family | windows | ||||||||
| id | oval:org.mitre.oval:def:19007 | ||||||||
| status | accepted | ||||||||
| submitted | 2013-10-02T13:00:00 | ||||||||
| title | Apache Subversion vulnerability 1.5.x before 1.5.8 and 1.6.x before 1.6.13 in VisualSVN Server (CVE-2010-3315) | ||||||||
| version | 8 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
- http://secunia.com/advisories/41652
- http://secunia.com/advisories/43139
- http://secunia.com/advisories/43346
- http://security-tracker.debian.org/tracker/CVE-2010-3315
- http://subversion.apache.org/security/CVE-2010-3315-advisory.txt
- http://support.apple.com/kb/HT4581
- http://www.debian.org/security/2010/dsa-2118
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:199
- http://www.redhat.com/support/errata/RHSA-2011-0258.html
- http://www.ubuntu.com/usn/USN-1053-1
- http://www.vupen.com/english/advisories/2011/0264
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007