Apache Subversion is prone to a remote command-execution vulnerability.
Exploiting this issue could allow an attacker to execute arbitrary shell commands in the context of the affected system.
Subversion 1.0.0 through 1.8.18 and 1.9.0 through 1.9.6 are vulnerable.
Information
Red Hat Enterprise Linux 6
Apache Subversion 1.9.6
Apache Subversion 1.9.5
Apache Subversion 1.9.4
Apache Subversion 1.9.3
Apache Subversion 1.9.2
Apache Subversion 1.9.1
Apache Subversion 1.9
Apache Subversion 1.8.18
Apache Subversion 1.8.17
Apache Subversion 1.8.16
Apache Subversion 1.8.11
Apache Subversion 1.8.10
Apache Subversion 1.8.9
Apache Subversion 1.8.5
Apache Subversion 1.8.1
Apache Subversion 1.8
Apache Subversion 1.7.19
Apache Subversion 1.7.18
Apache Subversion 1.7.17
Apache Subversion 1.7.16
Apache Subversion 1.7.11
Apache Subversion 1.7.10
Apache Subversion 1.7.1
Apache Subversion 1.7
Apache Subversion 1.6.23
Apache Subversion 1.6.22
Apache Subversion 1.6.21
Apache Subversion 1.6.20
Apache Subversion 1.6.19
Apache Subversion 1.6.18
Apache Subversion 1.6.14
Apache Subversion 1.6.13
Apache Subversion 1.6.12
Apache Subversion 1.6.11
Apache Subversion 1.6.10
Apache Subversion 1.6.6
Apache Subversion 1.6.5
Apache Subversion 1.6.3
Apache Subversion 1.6.2
Apache Subversion 1.5.8
Apache Subversion 1.5.7
Apache Subversion 1.5.5
Apache Subversion 1.5.4
Apache Subversion 1.5.2
Apache Subversion 1.4.6
Apache Subversion 1.3.2
Apache Subversion 1.0.9
Apache Subversion 1.0.8
Apache Subversion 1.0.7
Apache Subversion 1.0.6
Apache Subversion 1.0.2
Apache Subversion 1.8.8
Apache Subversion 1.8.7
Apache Subversion 1.8.6
Apache Subversion 1.8.4
Apache Subversion 1.8.3
Apache Subversion 1.8.2
Apache Subversion 1.8.15
Apache Subversion 1.8.14
Apache Subversion 1.8.13
Apache Subversion 1.7.9
Apache Subversion 1.7.8
Apache Subversion 1.7.7
Apache Subversion 1.7.6
Apache Subversion 1.7.5
Apache Subversion 1.7.4
Apache Subversion 1.7.3
Apache Subversion 1.7.22
Apache Subversion 1.7.21
Apache Subversion 1.7.20
Apache Subversion 1.7.2
Apache Subversion 1.7.15
Apache Subversion 1.7.14
Apache Subversion 1.7.13
Apache Subversion 1.7.12
Apache Subversion 1.6.9
Apache Subversion 1.6.8
Apache Subversion 1.6.7
Apache Subversion 1.6.4
Apache Subversion 1.6.17
Apache Subversion 1.6.16
Apache Subversion 1.6.15
Apache Subversion 1.6.1
Apache Subversion 1.6.0
Apache Subversion 1.5.6
Apache Subversion 1.4.5
Apache Subversion 1.4.4
Apache Subversion 1.4.2
Apache Subversion 1.4.1
Apache Subversion 1.4.0
Apache Subversion 1.3.1
Apache Subversion 1.3.0
Apache Subversion 1.2.3
Apache Subversion 1.2.2
Apache Subversion 1.2.1
Apache Subversion 1.1.3
Apache Subversion 1.1.2
Apache Subversion 1.1.1
Apache Subversion 1.1.0
Apache Subversion 1.0.5
Apache Subversion 1.0.4
Apache Subversion 1.0.3
Apache Subversion 1.0.1
Not vulnerable: Apache Subversion 1.8.19
Exploit
An attacker can exploit this issue using readily available tools.
References:
- Apache Subversion 1.9.7 (Apache)
- Arbitrary code execution on clients through malicious svn+ssh URLs in svn:extern (Apache)
- Subversion Homepage (Subversion)
- Bug 1479686 - (CVE-2017-9800) CVE-2017-9800 subversion: Command injection throug (Red Hat Bugzilla)
- CVE-2017-9800 (Red Hat Bugzilla)