CVE-2007-2448 Information

Description

Subversion 1.4.3 and earlier does not properly implement the \partial access\ privilege for users who have access to changed paths but not copied paths which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget (2) proplist or (3) propedit.

Reference

http://osvdb.org/36070 http://secunia.com/advisories/43139 http://securitytracker.com/id?1018237 http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt http://www.securityfocus.com/bid/24463 http://www.ubuntu.com/usn/USN-1053-1 http://www.vupen.com/english/advisories/2007/2230 http://www.vupen.com/english/advisories/2011/0264 https://issues.rpath.com/browse/RPL-1896