Summary
This host is running WebSVN and is prone to multiple vulnerabilities.
Vulnerability:
The flaws exist because:
- input passed in the URL to index.php is not properly sanitised before being returned to the user.
- input passed to the rev parameter in rss.php is not properly sanitised before being used, when magic_quotes_gpc is disabled.
- restricted access to the repositories is not properly enforced.
Impact
Successful exploitation will let the attacker execute arbitrary code in the context of the web application, conduct cross-site scripting attacks, gain sensitive information, or carry out directory traversal attacks.
Impact Level: Application
Solution
Upgrade to the latest version 2.1.0
http://websvn.tigris.org/servlets/ProjectDocumentList
Affected
WebSVN versions prior to 2.1.0
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2008-5918, CVE-2008-5919, CVE-2008-5920, CVE-2009-0240
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities