CVE-2013-4277

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
apachesubversion
1.4.0
apachesubversion
1.4.1
apachesubversion
1.4.2
apachesubversion
1.4.3
apachesubversion
1.4.4
apachesubversion
1.4.5
apachesubversion
1.4.6
apachesubversion
1.5.0
apachesubversion
1.5.1
apachesubversion
1.5.2
apachesubversion
1.5.3
apachesubversion
1.5.4
apachesubversion
1.5.5
apachesubversion
1.5.6
apachesubversion
1.5.7
apachesubversion
1.5.8
apachesubversion
1.6.0
apachesubversion
1.6.1
apachesubversion
1.6.2
apachesubversion
1.6.3
apachesubversion
1.6.4
apachesubversion
1.6.5
apachesubversion
1.6.6
apachesubversion
1.6.7
apachesubversion
1.6.8
apachesubversion
1.6.9
apachesubversion
1.6.10
apachesubversion
1.6.11
apachesubversion
1.6.12
apachesubversion
1.6.13
apachesubversion
1.6.14
apachesubversion
1.6.15
apachesubversion
1.6.16
apachesubversion
1.6.17
apachesubversion
1.6.18
apachesubversion
1.6.19
apachesubversion
1.6.20
apachesubversion
1.6.21
apachesubversion
1.6.23
apachesubversion
1.7.0
apachesubversion
1.7.1
apachesubversion
1.7.2
apachesubversion
1.7.3
apachesubversion
1.7.4
apachesubversion
1.7.5
apachesubversion
1.7.6
apachesubversion
1.7.7
apachesubversion
1.7.8
apachesubversion
1.7.9
apachesubversion
1.7.10
apachesubversion
1.7.11
apachesubversion
1.7.12
apachesubversion
1.8.0
apachesubversion
1.8.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
subversion
bullseye (security)
1.14.1-3+deb11u1
fixed
bullseye
1.14.1-3+deb11u1
fixed
squeeze
no-dsa
wheezy
no-dsa
bookworm
1.14.2-4
fixed
sid
1.14.4-2
fixed
trixie
1.14.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
subversion
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2013-09/msg00031.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00054.html
http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
http://www.securityfocus.com/bid/62266
https://exchange.xforce.ibmcloud.com/vulnerabilities/86972
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18554
http://lists.opensuse.org/opensuse-updates/2013-09/msg00031.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00054.html
http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
http://www.securityfocus.com/bid/62266
https://exchange.xforce.ibmcloud.com/vulnerabilities/86972
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18554