CVE-2009-0240

NameCVE-2009-0240
Descriptionlisting.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1725-1
NVD severitylow
Debian Bugs512191

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
websvnsourceetch(not affected)
websvnsourcelenny2.0-4+lenny1DSA-1725-1
websvnsource(unstable)2.0-4+lenny1512191

Notes

[etch] - websvn <not-affected> (authenthication doesn't exist in that version)

Search for package or bug name: Reporting problems