CVE-2010-3315

EUVD-2010-3313
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
apachesubversion
1.6.0
apachesubversion
1.6.1
apachesubversion
1.6.2
apachesubversion
1.6.3
apachesubversion
1.6.4
apachesubversion
1.6.5
apachesubversion
1.6.6
apachesubversion
1.6.7
apachesubversion
1.6.8
apachesubversion
1.6.9
apachesubversion
1.6.10
apachesubversion
1.6.11
apachesubversion
1.6.12
apachesubversion
1.5.0
apachesubversion
1.5.1
apachesubversion
1.5.2
apachesubversion
1.5.3
apachesubversion
1.5.4
apachesubversion
1.5.5
apachesubversion
1.5.6
apachesubversion
1.5.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
subversion
bookworm
1.14.2-4
fixed
bullseye
1.14.1-3+deb11u1
fixed
bullseye (security)
1.14.1-3+deb11u1
fixed
sid
1.14.4-2
fixed
trixie
1.14.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
subversion
dapper
not-affected
hardy
not-affected
jaunty
ignored
karmic
Fixed 1.6.5dfsg-1ubuntu1.1
released
lucid
Fixed 1.6.6dfsg-2ubuntu1.1
released
maverick
Fixed 1.6.12dfsg-1ubuntu1.1
released
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://secunia.com/advisories/41652
http://secunia.com/advisories/43139
http://secunia.com/advisories/43346
http://security-tracker.debian.org/tracker/CVE-2010-3315
http://subversion.apache.org/security/CVE-2010-3315-advisory.txt
http://support.apple.com/kb/HT4581
http://www.debian.org/security/2010/dsa-2118
http://www.mandriva.com/security/advisories?name=MDVSA-2010:199
http://www.redhat.com/support/errata/RHSA-2011-0258.html
http://www.ubuntu.com/usn/USN-1053-1
http://www.vupen.com/english/advisories/2011/0264
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://secunia.com/advisories/41652
http://secunia.com/advisories/43139
http://secunia.com/advisories/43346
http://security-tracker.debian.org/tracker/CVE-2010-3315
http://subversion.apache.org/security/CVE-2010-3315-advisory.txt
http://support.apple.com/kb/HT4581
http://www.debian.org/security/2010/dsa-2118
http://www.mandriva.com/security/advisories?name=MDVSA-2010:199
http://www.redhat.com/support/errata/RHSA-2011-0258.html
http://www.ubuntu.com/usn/USN-1053-1
http://www.vupen.com/english/advisories/2011/0264
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007