Multiple vulnerabilities in WebSVN allow for file overwrite and information disclosure.
Package | www-apps/websvn on all architectures |
---|---|
Affected versions | < 2.1.0 |
Unaffected versions | >= 2.1.0 |
WebSVN is a web-based browsing tool for Subversion repositories written in PHP.
A remote attacker can exploit these vulnerabilities to overwrite arbitrary files, to read changelogs or diffs for restricted projects and to hijack a user's session.
There is no known workaround at this time.
All WebSVN users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/websvn-2.1.0"
Release date
March 09, 2009
Latest revision
March 09, 2009: 01
Severity
normal
Exploitable
remote
Bugzilla entries