Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-3315

authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.

Related bugs and status

CVE-2010-3315 (Candidate) is related to these bugs:

Bug #659362: Subversion 1.6.13 security update

		In	Importance	Status
659362	Subversion 1.6.13 security update	subversion (Ubuntu)	Medium	Fix Released
659362	Subversion 1.6.13 security update	subversion (Ubuntu Karmic)	Medium	Fix Released
659362	Subversion 1.6.13 security update	subversion (Ubuntu Lucid)	Medium	Fix Released
659362	Subversion 1.6.13 security update	subversion (Ubuntu Maverick)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.vupen.com/e...
MISC: http://lists.apple.com...
MISC: http://www.debian.org/...
MISC: http://www.mandriva.co...
MISC: http://www.redhat.com/...
MISC: http://lists.opensuse....
MISC: http://www.ubuntu.com/...
MISC: http://security-tracke...
MISC: http://subversion.apac...
MISC: http://support.apple.c...
MISC: https://oval.cisecurit...