Apple Xcode up to 8.3.3 subversion input validation


A vulnerability classified as critical has been found in Apple Xcode up to 8.3.3 (Programming Tool Software). This affects an unknown functionality of the component subversion. Upgrading to version 9.0 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 11/19/2019 10:18 AM | 01/14/2021 11:08 AM | 01/14/2021 11:14 AM |
| --- | --- | --- | --- |
| nessus_type | local | local | local |
| nessus_date | 1504224000 (09/01/2017) | 1504224000 (09/01/2017) | 1504224000 (09/01/2017) |
| openvas_id | 53676 | 53676 | 53676 |
| openvas_filename | deb_3932.nasl | deb_3932.nasl | deb_3932.nasl |
| openvas_title | Debian Security Advisory DSA 3932-1 (subversion - security update) | Debian Security Advisory DSA 3932-1 (subversion - security update) | Debian Security Advisory DSA 3932-1 (subversion - security update) |
| openvas_family | Debian Local Security Checks | Debian Local Security Checks | Debian Local Security Checks |
| qualys_id | 196880 | 196880 | 196880 |
| qualys_title | Ubuntu Security Notification for Subversion Vulnerabilities (USN-3388-1) | Ubuntu Security Notification for Subversion Vulnerabilities (USN-3388-1) | Ubuntu Security Notification for Subversion Vulnerabilities (USN-3388-1) |
| seealso | 93874 105248 107068 107069 107070 107071 107072 107067 | 93874 105248 107068 107069 107070 107071 107072 107067 | 93874 105248 107068 107069 107070 107071 107072 107067 |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| cvss3_nvd_basescore | 9.8 | 9.8 | 9.8 |
| type | Programming Tool Software | Programming Tool Software | Programming Tool Software |
| vendor | Apple | Apple | Apple |
| name | Xcode | Xcode | Xcode |
| version | <=8.3.3 | <=8.3.3 | <=8.3.3 |
| component | subversion | subversion | subversion |
| cwe | 20 (privilege escalation) | 20 (privilege escalation) | 20 (privilege escalation) |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 5.9 | 5.9 | 5.9 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | P | P | P |
| cvss2_nvd_ii | P | P | P |
| cvss2_nvd_ai | P | P | P |
| cvss3_meta_basescore | 8.0 | 8.0 | 8.0 |
| cvss3_meta_tempscore | 7.7 | 7.7 | 7.7 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.0 | 6.0 | 6.0 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | N | N | N |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | H | H | H |
| date | 1505865600 (09/20/2017) | 1505865600 (09/20/2017) | 1505865600 (09/20/2017) |
| location | Website | Website | Website |
| type | Advisory | Advisory | Advisory |
| url | https://support.apple.com/en-us/HT208103 | https://support.apple.com/en-us/HT208103 | https://support.apple.com/en-us/HT208103 |
| identifier | HT208103 | HT208103 | HT208103 |
| disputed | 0 | 0 | 0 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| name | Upgrade | Upgrade | Upgrade |
| date | 1505865600 (09/20/2017) | 1505865600 (09/20/2017) | 1505865600 (09/20/2017) |
| upgrade_version | 9.0 | 9.0 | 9.0 |
| cve | CVE-2017-9800 | CVE-2017-9800 | CVE-2017-9800 |
| cve_nvd_published | 1502409600 | 1502409600 | 1502409600 |
| oval_id | oval:org.cisecurity:def:2949 | oval:org.cisecurity:def:2949 | oval:org.cisecurity:def:2949 |
| securityfocus | 100259 | 100259 | 100259 |
| securityfocus_title | Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability | Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability | Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability |
| nessus_id | 102871 | 102871 | 102871 |
| nessus_name | Amazon Linux AMI : subversion / mod_dav_svn (ALAS-2017-883) | Amazon Linux AMI : subversion / mod_dav_svn (ALAS-2017-883) | Amazon Linux AMI : subversion / mod_dav_svn (ALAS-2017-883) |
| nessus_filename | ala_ALAS-2017-883.nasl | ala_ALAS-2017-883.nasl | ala_ALAS-2017-883.nasl |
| nessus_risk | High | High | High |
| nessus_family | Amazon Linux Local Security Checks | Amazon Linux Local Security Checks | Amazon Linux Local Security Checks |
| discoverydate | 1502409600 | 1502409600 | 1502409600 |
| confirm_url | https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html | https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html | https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html |
| cve_assigned | 1498003200 | 1498003200 | 1498003200 |
| securityfocus_date | 1502323200 (08/10/2017) | 1502323200 (08/10/2017) | 1502323200 (08/10/2017) |
| securityfocus_class | Input Validation Error | Input Validation Error | Input Validation Error |
| cve_nvd_summary | | A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. | A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. |
| sectracker | | 1039127 | 1039127 |
| cvss2_nvd_basescore | | 7.5 | 7.5 |
| person_name | | | Jonathan Nieder |
