CVE-2007-2448 | Vulnerability Database | Aqua Security

Subversion 1.4.3 and earlier does not properly implement the partial access privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.

Affected Software

Name	Vendor	Start Version	End Version
Subversion	Subversion	*	1.4.3 (including)
Red Hat Enterprise Linux 5	RedHat	subversion-0:1.6.11-7.el5	*
Subversion	Ubuntu	dapper	*
Subversion	Ubuntu	edgy	*
Subversion	Ubuntu	feisty	*
Subversion	Ubuntu	upstream	*

References

http://osvdb.org/36070
http://secunia.com/advisories/43139
http://securitytracker.com/id?1018237
http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt
http://www.securityfocus.com/bid/24463
http://www.ubuntu.com/usn/USN-1053-1
http://www.vupen.com/english/advisories/2007/2230
http://www.vupen.com/english/advisories/2011/0264
https://issues.rpath.com/browse/RPL-1896
http://osvdb.org/36070
http://secunia.com/advisories/43139
http://securitytracker.com/id?1018237
http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt
http://www.securityfocus.com/bid/24463
http://www.ubuntu.com/usn/USN-1053-1
http://www.vupen.com/english/advisories/2007/2230
http://www.vupen.com/english/advisories/2011/0264
https://issues.rpath.com/browse/RPL-1896

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-2448
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html