Vulnerability Details : CVE-2007-6350
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.
Vulnerability category: Execute code
Products affected by CVE-2007-6350
- cpe:2.3:a:scponly:scponly:*:*:*:*:*:*:*:*
- cpe:2.3:a:scponly:scponly:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:scponly:scponly:4.4:*:*:*:*:*:*:*
- cpe:2.3:a:scponly:scponly:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:scponly:scponly:4.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6350
- EPSS score: 1.28% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~86% (the proportion of vulnerabilities that are scored at or below this one)
CVSS scores for CVE-2007-6350
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C | 6.8 | 10.0 | NIST | |
CWE ids for CVE-2007-6350
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-6350
- http://bugs.gentoo.org/show_bug.cgi?id=201726
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html
- http://www.debian.org/security/2008/dsa-1473
- http://www.vupen.com/english/advisories/2007/4243 (Vendor Advisory)
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html
- http://www.securitytracker.com/id?1019103
- http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markup
- http://security.gentoo.org/glsa/glsa-200802-06.xml
- http://www.securityfocus.com/bid/26900
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148