CVE-2017-9800
CVSS 7.5
Published: 2017-08-11 17:29:00
Last revised: 2017-11-04 21:29:03

[Original text] A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

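- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker needs neither internal-network access nor local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (Weakness Category)

CWE-20 [Improper Input Validation]

- CPE (Affected Platforms and Products)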

cpe:/a:apache:subversion:1.8.18
cpe:/a:apache:subversion:1.9.0
cpe:/a:apache:subversion:1.9.1
cpe:/a:apache:subversion:1.9.2
cpe:/a:apache:subversion:1.9.3
cpe:/a:apache:subversion:1.9.4
cpe:/a:apache:subversion:1.9.5
cpe:/a:apache:subversion:1.9.6
cpe:/a:apache:subversion:1.10.0
cpe:/a:apache:subversion:1.10.0:alpha1
cpe:/a:apache:subversion:1.10.0:alpha2
cpe:/a:apache:subversion:1.10.0:alpha3

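- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9800
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9800
(Official data source) NVD

- Other Links and Resources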

http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html
(UNKNOWN)  MISC  http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html
http://www.debian.org/security/2017/dsa-3932
(UNKNOWN)  DEBIAN  DSA-3932
http://www.securityfocus.com/archive/1/archive/1/540999/100/0/threaded
(UNKNOWN)  BUGTRAQ  20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released
http://www.securityfocus.com/bid/100259
(VENDOR_ADVISORY)  BID  100259
http://www.securitytracker.com/id/1039127
(VENDOR_ADVISORY)  SECTRACK  1039127
https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html
(UNKNOWN)  CONFIRM  https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html
https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63@%3Cannounce.apache.org%3E
(VENDOR_ADVISORY)  MLIST  [announce] 20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released
https://security.gentoo.org/glsa/201709-09
(UNKNOWN)  GENTOO  GLSA-201709-09
https://subversion.apache.org/security/CVE-2017-9800-advisory.txt
(VENDOR_ADVISORY)  CONFIRM  https://subversion.apache.org/security/CVE-2017-9800-advisory.txt
https://support.apple.com/HT208103
(UNKNOWN)  CONFIRM  https://support.apple.com/HT208103

- Vulnerability Information (F143724)

Debian Security Advisory 3932-1 (PacketStormID:F143724)
2017-08-11 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2016-8734,CVE-2017-9800

Debian Linux Security Advisory 3932-1 - Several problems were discovered in Subversion, a centralized version control system.


-------------------------------------------------------------------------
Debian Security Advisory DSA-3932-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
August 10, 2017                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : subversion
CVE ID         : CVE-2016-8734 CVE-2017-9800

Several problems were discovered in Subversion, a centralised version
control system.

CVE-2016-8734 (jessie only)

    Subversion's mod_dontdothat server module and Subversion clients
    using http(s):// were vulnerable to a denial-of-service attack
    caused by exponential XML entity expansion.

CVE-2017-9800

    Joern Schneeweisz discovered that Subversion did not correctly
    handle maliciously constructed svn+ssh:// URLs. This allowed an
    attacker to run an arbitrary shell command, for instance via
    svn:externals properties or when using 'svnsync sync'.

For the oldstable distribution (jessie), these problems have been fixed
in version 1.8.10-6+deb8u5.

For the stable distribution (stretch), these problems have been fixed in
version 1.9.5-1+deb9u1.

We recommend that you upgrade your subversion packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
    

- Vulnerability Information (F143722)

Apache Subversion Arbitrary Code Execution (PacketStormID:F143722)
2017-08-11 00:00:00
 
advisory,arbitrary,code execution
CVE-2017-9800

Apache Subversion has released version 1.9.7 which addresses an arbitrary code execution vulnerability.

I'm happy to announce the release of Apache Subversion 1.9.7.
Please choose the mirror closest to you by visiting:

    http://subversion.apache.org/download.cgi?update=201708081800#recommended-release

This is a stable security release of the Apache Subversion open source
version control system.  It fixes one security issue:

    CVE-2017-9800:
    Arbitrary code execution on clients through malicious svn+ssh URLs in
    svn:externals and svn:sync-from-url
    http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

The SHA1 checksums are:

    874b81749cdc3e88152d103243c3623ac6338388 subversion-1.9.7.tar.bz2
    1a5f48acf9d0faa60e8c7aea96a9b29ab1d4dcac subversion-1.9.7.tar.gz
    741727b62596bf27f75838c46d1bb6938c83fbd7 subversion-1.9.7.zip

SHA-512 checksums are available at:

    https://www.apache.org/dist/subversion/subversion-1.9.7.tar.bz2.sha512
    https://www.apache.org/dist/subversion/subversion-1.9.7.tar.gz.sha512
    https://www.apache.org/dist/subversion/subversion-1.9.7.zip.sha512

PGP Signatures are available at:

    http://www.apache.org/dist/subversion/subversion-1.9.7.tar.bz2.asc
    http://www.apache.org/dist/subversion/subversion-1.9.7.tar.gz.asc
    http://www.apache.org/dist/subversion/subversion-1.9.7.zip.asc

For this release, the following people have provided PGP signatures:

   Johan Corveleyn [4096R/B59CE6D6010C8AAD] with fingerprint:
    8AA2 C10E EAAD 44F9 6972  7AEA B59C E6D6 010C 8AAD
   Stefan Sperling [2048R/4F7DBAA99A59B973] with fingerprint:
    8BC4 DAE0 C5A4 D65F 4044  0107 4F7D BAA9 9A59 B973
   Evgeny Kotkov [4096R/B64FFF1209F9FA74] with fingerprint:
    E7B2 A7F4 EC28 BE9F F8B3  8BA4 B64F FF12 09F9 FA74
   Stefan Hett (CODE SIGNING KEY) [4096R/376A3CFD110B1C95] with fingerprint:
    7B8C A7F6 451A D89C 8ADC  077B 376A 3CFD 110B 1C95
   Daniel Shahaf [3072R/A5FEEE3AC7937444] with fingerprint:
    E966 46BE 08C0 AF0A A0F9  0788 A5FE EE3A C793 7444
   Philip Martin [2048R/76D788E1ED1A599C] with fingerprint:
    A844 790F B574 3606 EE95  9207 76D7 88E1 ED1A 599C

Release notes for the 1.9.x release series may be found at:

    http://subversion.apache.org/docs/release-notes/1.9.html

You can find the list of changes between 1.9.7 and earlier versions at:

    http://svn.apache.org/repos/asf/subversion/tags/1.9.7/CHANGES

Questions, comments, and bug reports to users@subversion.apache.org.

Thanks,
- The Subversion Team
    

- Vulnerability Information (F143715)

Ubuntu Security Notice USN-3388-1 (PacketStormID:F143715)
2017-08-10 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote,arbitrary
linux,ubuntu
CVE-2016-2167,CVE-2016-8734,CVE-2017-9800

Ubuntu Security Notice 3388-1 - Joern Schneeweisz discovered that Subversion did not properly handle host names in 'svn+ssh://' URLs. A remote attacker could use this to construct a subversion repository that when accessed could run arbitrary code with the privileges of the user. Daniel Shahaf and James McCoy discovered that Subversion did not properly verify realms when using Cyrus SASL authentication. A remote attacker could use this to possibly bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3388-1
August 11, 2017

subversion vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Subversion.

Software Description:
- subversion: Advanced version control system

Details:

Joern Schneeweisz discovered that Subversion did not properly handle
host names in 'svn+ssh://' URLs. A remote attacker could use this
to construct a subversion repository that when accessed could run
arbitrary code with the privileges of the user. (CVE-2017-9800)

Daniel Shahaf and James McCoy discovered that Subversion did not
properly verify realms when using Cyrus SASL authentication. A
remote attacker could use this to possibly bypass intended access
restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2016-2167)

Florian Weimer discovered that Subversion clients did not properly
restrict XML entity expansion when accessing http(s):// URLs. A remote
attacker could use this to cause a denial of service. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8734)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  libsvn1                         1.9.5-1ubuntu1.1
  subversion                      1.9.5-1ubuntu1.1

Ubuntu 16.04 LTS:
  libapache2-mod-svn              1.9.3-2ubuntu1.1
  libapache2-svn                  1.9.3-2ubuntu1.1
  libsvn1                         1.9.3-2ubuntu1.1
  subversion                      1.9.3-2ubuntu1.1

Ubuntu 14.04 LTS:
  libapache2-mod-svn              1.8.8-1ubuntu3.3
  libapache2-svn                  1.8.8-1ubuntu3.3
  libsvn1                         1.8.8-1ubuntu3.3
  subversion                      1.8.8-1ubuntu3.3

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3388-1
  CVE-2016-2167, CVE-2016-8734, CVE-2017-9800

Package Information:
  https://launchpad.net/ubuntu/+source/subversion/1.9.5-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/subversion/1.9.3-2ubuntu1.1
  https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.3

    

- Vulnerability Information (F143770)

Red Hat Security Advisory 2017-2480-01 (PacketStormID:F143770)
2017-08-15 00:00:00
Red Hat  
advisory,shell
linux,redhat
CVE-2017-9800

Red Hat Security Advisory 2017-2480-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix: A shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a "checkout" or "update" action on a malicious repository, or a legitimate repository containing a malicious commit.


=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: subversion security update
Advisory ID:       RHSA-2017:2480-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2480
Issue date:        2017-08-15
CVE Names:         CVE-2017-9800 
=====================================================================

1. Summary:

An update for subversion is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes.

Security Fix(es):

* A shell command injection flaw related to the handling of "svn+ssh" URLs
has been discovered in Subversion. An attacker could use this flaw to
execute shell commands with the privileges of the user running the
Subversion client, for example when performing a "checkout" or "update"
action on a malicious repository, or a legitimate repository containing a
malicious commit. (CVE-2017-9800)

Red Hat would like to thank the Subversion Team for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, for the update to take effect, you
must restart the httpd daemon, if you are using mod_dav_svn, and the
svnserve daemon, if you are serving Subversion repositories via the svn://
protocol.

5. Bugs fixed (https://bugzilla.redhat.com/):

1479686 - CVE-2017-9800 subversion: Command injection through clients via malicious svn+ssh URLs

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
subversion-1.7.14-11.el7_4.src.rpm

x86_64:
mod_dav_svn-1.7.14-11.el7_4.x86_64.rpm
subversion-1.7.14-11.el7_4.i686.rpm
subversion-1.7.14-11.el7_4.x86_64.rpm
subversion-debuginfo-1.7.14-11.el7_4.i686.rpm
subversion-debuginfo-1.7.14-11.el7_4.x86_64.rpm
subversion-devel-1.7.14-11.el7_4.i686.rpm
subversion-devel-1.7.14-11.el7_4.x86_64.rpm
subversion-gnome-1.7.14-11.el7_4.i686.rpm
subversion-gnome-1.7.14-11.el7_4.x86_64.rpm
subversion-javahl-1.7.14-11.el7_4.i686.rpm
subversion-javahl-1.7.14-11.el7_4.x86_64.rpm
subversion-kde-1.7.14-11.el7_4.i686.rpm
subversion-kde-1.7.14-11.el7_4.x86_64.rpm
subversion-libs-1.7.14-11.el7_4.i686.rpm
subversion-libs-1.7.14-11.el7_4.x86_64.rpm
subversion-perl-1.7.14-11.el7_4.i686.rpm
subversion-perl-1.7.14-11.el7_4.x86_64.rpm
subversion-python-1.7.14-11.el7_4.x86_64.rpm
subversion-ruby-1.7.14-11.el7_4.i686.rpm
subversion-ruby-1.7.14-11.el7_4.x86_64.rpm
subversion-tools-1.7.14-11.el7_4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
subversion-1.7.14-11.el7_4.src.rpm

x86_64:
mod_dav_svn-1.7.14-11.el7_4.x86_64.rpm
subversion-1.7.14-11.el7_4.i686.rpm
subversion-1.7.14-11.el7_4.x86_64.rpm
subversion-debuginfo-1.7.14-11.el7_4.i686.rpm
subversion-debuginfo-1.7.14-11.el7_4.x86_64.rpm
subversion-devel-1.7.14-11.el7_4.i686.rpm
subversion-devel-1.7.14-11.el7_4.x86_64.rpm
subversion-gnome-1.7.14-11.el7_4.i686.rpm
subversion-gnome-1.7.14-11.el7_4.x86_64.rpm
subversion-javahl-1.7.14-11.el7_4.i686.rpm
subversion-javahl-1.7.14-11.el7_4.x86_64.rpm
subversion-kde-1.7.14-11.el7_4.i686.rpm
subversion-kde-1.7.14-11.el7_4.x86_64.rpm
subversion-libs-1.7.14-11.el7_4.i686.rpm
subversion-libs-1.7.14-11.el7_4.x86_64.rpm
subversion-perl-1.7.14-11.el7_4.i686.rpm
subversion-perl-1.7.14-11.el7_4.x86_64.rpm
subversion-python-1.7.14-11.el7_4.x86_64.rpm
subversion-ruby-1.7.14-11.el7_4.i686.rpm
subversion-ruby-1.7.14-11.el7_4.x86_64.rpm
subversion-tools-1.7.14-11.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
subversion-1.7.14-11.el7_4.src.rpm

aarch64:
mod_dav_svn-1.7.14-11.el7_4.aarch64.rpm
subversion-1.7.14-11.el7_4.aarch64.rpm
subversion-debuginfo-1.7.14-11.el7_4.aarch64.rpm
subversion-gnome-1.7.14-11.el7_4.aarch64.rpm
subversion-libs-1.7.14-11.el7_4.aarch64.rpm

ppc64:
mod_dav_svn-1.7.14-11.el7_4.ppc64.rpm
subversion-1.7.14-11.el7_4.ppc.rpm
subversion-1.7.14-11.el7_4.ppc64.rpm
subversion-debuginfo-1.7.14-11.el7_4.ppc.rpm
subversion-debuginfo-1.7.14-11.el7_4.ppc64.rpm
subversion-gnome-1.7.14-11.el7_4.ppc.rpm
subversion-gnome-1.7.14-11.el7_4.ppc64.rpm
subversion-libs-1.7.14-11.el7_4.ppc.rpm
subversion-libs-1.7.14-11.el7_4.ppc64.rpm

ppc64le:
mod_dav_svn-1.7.14-11.el7_4.ppc64le.rpm
subversion-1.7.14-11.el7_4.ppc64le.rpm
subversion-debuginfo-1.7.14-11.el7_4.ppc64le.rpm
subversion-gnome-1.7.14-11.el7_4.ppc64le.rpm
subversion-libs-1.7.14-11.el7_4.ppc64le.rpm

s390x:
mod_dav_svn-1.7.14-11.el7_4.s390x.rpm
subversion-1.7.14-11.el7_4.s390.rpm
subversion-1.7.14-11.el7_4.s390x.rpm
subversion-debuginfo-1.7.14-11.el7_4.s390.rpm
subversion-debuginfo-1.7.14-11.el7_4.s390x.rpm
subversion-gnome-1.7.14-11.el7_4.s390.rpm
subversion-gnome-1.7.14-11.el7_4.s390x.rpm
subversion-libs-1.7.14-11.el7_4.s390.rpm
subversion-libs-1.7.14-11.el7_4.s390x.rpm

x86_64:
mod_dav_svn-1.7.14-11.el7_4.x86_64.rpm
subversion-1.7.14-11.el7_4.i686.rpm
subversion-1.7.14-11.el7_4.x86_64.rpm
subversion-debuginfo-1.7.14-11.el7_4.i686.rpm
subversion-debuginfo-1.7.14-11.el7_4.x86_64.rpm
subversion-gnome-1.7.14-11.el7_4.i686.rpm
subversion-gnome-1.7.14-11.el7_4.x86_64.rpm
subversion-libs-1.7.14-11.el7_4.i686.rpm
subversion-libs-1.7.14-11.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
subversion-debuginfo-1.7.14-11.el7_4.aarch64.rpm
subversion-devel-1.7.14-11.el7_4.aarch64.rpm
subversion-javahl-1.7.14-11.el7_4.aarch64.rpm
subversion-kde-1.7.14-11.el7_4.aarch64.rpm
subversion-perl-1.7.14-11.el7_4.aarch64.rpm
subversion-python-1.7.14-11.el7_4.aarch64.rpm
subversion-ruby-1.7.14-11.el7_4.aarch64.rpm
subversion-tools-1.7.14-11.el7_4.aarch64.rpm

ppc64:
subversion-debuginfo-1.7.14-11.el7_4.ppc.rpm
subversion-debuginfo-1.7.14-11.el7_4.ppc64.rpm
subversion-devel-1.7.14-11.el7_4.ppc.rpm
subversion-devel-1.7.14-11.el7_4.ppc64.rpm
subversion-javahl-1.7.14-11.el7_4.ppc.rpm
subversion-javahl-1.7.14-11.el7_4.ppc64.rpm
subversion-kde-1.7.14-11.el7_4.ppc.rpm
subversion-kde-1.7.14-11.el7_4.ppc64.rpm
subversion-perl-1.7.14-11.el7_4.ppc.rpm
subversion-perl-1.7.14-11.el7_4.ppc64.rpm
subversion-python-1.7.14-11.el7_4.ppc64.rpm
subversion-ruby-1.7.14-11.el7_4.ppc.rpm
subversion-ruby-1.7.14-11.el7_4.ppc64.rpm
subversion-tools-1.7.14-11.el7_4.ppc64.rpm

ppc64le:
subversion-debuginfo-1.7.14-11.el7_4.ppc64le.rpm
subversion-devel-1.7.14-11.el7_4.ppc64le.rpm
subversion-javahl-1.7.14-11.el7_4.ppc64le.rpm
subversion-kde-1.7.14-11.el7_4.ppc64le.rpm
subversion-perl-1.7.14-11.el7_4.ppc64le.rpm
subversion-python-1.7.14-11.el7_4.ppc64le.rpm
subversion-ruby-1.7.14-11.el7_4.ppc64le.rpm
subversion-tools-1.7.14-11.el7_4.ppc64le.rpm

s390x:
subversion-debuginfo-1.7.14-11.el7_4.s390.rpm
subversion-debuginfo-1.7.14-11.el7_4.s390x.rpm
subversion-devel-1.7.14-11.el7_4.s390.rpm
subversion-devel-1.7.14-11.el7_4.s390x.rpm
subversion-javahl-1.7.14-11.el7_4.s390.rpm
subversion-javahl-1.7.14-11.el7_4.s390x.rpm
subversion-kde-1.7.14-11.el7_4.s390.rpm
subversion-kde-1.7.14-11.el7_4.s390x.rpm
subversion-perl-1.7.14-11.el7_4.s390.rpm
subversion-perl-1.7.14-11.el7_4.s390x.rpm
subversion-python-1.7.14-11.el7_4.s390x.rpm
subversion-ruby-1.7.14-11.el7_4.s390.rpm
subversion-ruby-1.7.14-11.el7_4.s390x.rpm
subversion-tools-1.7.14-11.el7_4.s390x.rpm

x86_64:
subversion-debuginfo-1.7.14-11.el7_4.i686.rpm
subversion-debuginfo-1.7.14-11.el7_4.x86_64.rpm
subversion-devel-1.7.14-11.el7_4.i686.rpm
subversion-devel-1.7.14-11.el7_4.x86_64.rpm
subversion-javahl-1.7.14-11.el7_4.i686.rpm
subversion-javahl-1.7.14-11.el7_4.x86_64.rpm
subversion-kde-1.7.14-11.el7_4.i686.rpm
subversion-kde-1.7.14-11.el7_4.x86_64.rpm
subversion-perl-1.7.14-11.el7_4.i686.rpm
subversion-perl-1.7.14-11.el7_4.x86_64.rpm
subversion-python-1.7.14-11.el7_4.x86_64.rpm
subversion-ruby-1.7.14-11.el7_4.i686.rpm
subversion-ruby-1.7.14-11.el7_4.x86_64.rpm
subversion-tools-1.7.14-11.el7_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
subversion-1.7.14-11.el7_4.src.rpm

x86_64:
mod_dav_svn-1.7.14-11.el7_4.x86_64.rpm
subversion-1.7.14-11.el7_4.i686.rpm
subversion-1.7.14-11.el7_4.x86_64.rpm
subversion-debuginfo-1.7.14-11.el7_4.i686.rpm
subversion-debuginfo-1.7.14-11.el7_4.x86_64.rpm
subversion-gnome-1.7.14-11.el7_4.i686.rpm
subversion-gnome-1.7.14-11.el7_4.x86_64.rpm
subversion-libs-1.7.14-11.el7_4.i686.rpm
subversion-libs-1.7.14-11.el7_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
subversion-debuginfo-1.7.14-11.el7_4.i686.rpm
subversion-debuginfo-1.7.14-11.el7_4.x86_64.rpm
subversion-devel-1.7.14-11.el7_4.i686.rpm
subversion-devel-1.7.14-11.el7_4.x86_64.rpm
subversion-javahl-1.7.14-11.el7_4.i686.rpm
subversion-javahl-1.7.14-11.el7_4.x86_64.rpm
subversion-kde-1.7.14-11.el7_4.i686.rpm
subversion-kde-1.7.14-11.el7_4.x86_64.rpm
subversion-perl-1.7.14-11.el7_4.i686.rpm
subversion-perl-1.7.14-11.el7_4.x86_64.rpm
subversion-python-1.7.14-11.el7_4.x86_64.rpm
subversion-ruby-1.7.14-11.el7_4.i686.rpm
subversion-ruby-1.7.14-11.el7_4.x86_64.rpm
subversion-tools-1.7.14-11.el7_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-9800
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
    

- Vulnerability Information (F144036)

SourceTree Remote Code Execution (PacketStormID:F144036)
2017-09-07 00:00:00
David Black  
advisory,remote,vulnerability,code execution
windows
CVE-2017-1000115,CVE-2017-1000116,CVE-2017-1000117,CVE-2017-9800

SourceTree suffers from multiple remote code execution vulnerabilities that can be triggered via hostile repositories being checked in. SourceTree for macOS versions prior to 2.6.1 and SourceTree for Windows versions prior to 2.1.10 are affected.


This email refers to the advisory found at
https://confluence.atlassian.com/x/c-mdNw .


CVE ID:

* CVE-2017-1000117 - Git.
* CVE-2017-1000115 - Mercurial.
* CVE-2017-1000116 - Mercurial.
* CVE-2017-9800 - Subversion.


Product: SourceTree.

Affected SourceTree product versions:

* SourceTree for macOS 1.0b2 <= version < 2.6.1
* SourceTree for Windows 0.5.1.0 <= version < 2.1.10


Fixed SourceTree product versions:

* Versions of SourceTree for macOS, equal to and above 2.6.1 contain a
fix for this issue.
* Versions of SourceTree for Windows, equal to and above 2.1.10
contain a fix for this issue.


Summary:
This advisory discloses critical severity security vulnerabilities
which affect SourceTree for macOS and SourceTree for Windows. Versions
of SourceTree for macOS starting with 1.0b2 before version 2.6.1 and
versions of SourceTree for Windows starting with 0.5.1.0 before
version 2.1.10 are affected by this vulnerability.


Customers who have upgraded SourceTree for macOS to version 2.6.1 are
not affected.
Customers who have upgraded SourceTree for Windows to version 2.1.10
are not affected.

Customers who have downloaded and installed SourceTree for macOS
starting with 1.0b2 before version 2.6.1 or who have downloaded and
installed SourceTree for Windows starting with 0.5.1.0 before version
2.1.10 please upgrade your SourceTree for macOS or SourceTree for
Windows installations immediately to fix the vulnerabilities mentioned
in this advisory.

SourceTree for macOS and Windows - Remote Code Execution via Git and
Mercurial - Multiple CVEs

Severity:
Atlassian rates the severity level of this vulnerability as critical,
according to the scale published in our Atlassian severity levels. The
scale allows us to rank the severity as critical, high, moderate or
low.
This is our assessment and you should evaluate its applicability to
your own IT environment.


Description:

SourceTree for macOS and Windows are affected by vulnerabilities found
in the Git and Mercurial software. This vulnerability can be triggered
through a malicious repository when it is checked out using
SourceTree. From version 1.4.0 of SourceTree for macOS and 0.8.4b of
SourceTree for Windows, this vulnerability can be triggered from a
webpage through the use of the SourceTree URI handler.
Versions of SourceTree for macOS starting with 1.0b2 before version
2.6.1 and versions of SourceTree for Windows starting with 0.5.1.0
before version 2.1.10 are affected by this vulnerability. This issue
can be tracked at: https://jira.atlassian.com/browse/SRCTREE-4904 and
for Windows at https://jira.atlassian.com/browse/SRCTREEWIN-7663.


Remediation:

Upgrade SourceTree for macOS to version 2.6.1 or higher.  Please note
that since SourceTree for Mac 2.5.0 OSX 10.11 or later is required.
Upgrade SourceTree for Windows to version 2.1.10 or higher.

You can download the latest version of SourceTree from
https://www.sourcetreeapp.com/ .


Support:
Atlassian supports SourceTree through the Atlassian Community. If you
have questions or concerns regarding this advisory, go to
https://community.atlassian.com/t5/SourceTree/ct-p/sourcetree .
    

- Vulnerability Information (F144207)

Gentoo Linux Security Advisory 201709-09 (PacketStormID:F144207)
2017-09-18 00:00:00
Gentoo  security.gentoo.org
advisory,remote,arbitrary
linux,gentoo
CVE-2017-9800

Gentoo Linux Security Advisory 201709-9 - A command injection vulnerability in Subversion may allow remote attackers to execute arbitrary code. Versions less than 1.9.7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201709-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Subversion: Arbitrary code execution
     Date: September 17, 2017
     Bugs: #627480
       ID: 201709-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A command injection vulnerability in Subversion may allow remote
attackers to execute arbitrary code.

Background
==========

Subversion is a version control system intended to eventually replace
CVS. Like CVS, it has an optional client-server architecture (where the
server can be an Apache server running mod_svn, or an ssh program as in
CVS's :ext: method). In addition to supporting the features found in
CVS, Subversion also provides support for moving and copying files and
directories.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-vcs/subversion           < 1.9.7                    >= 1.9.7 
                                                            *> 1.8.18 

Description
===========

Specially crafted 'ssh://...' URLs may allow the owner of the
repository to execute arbitrary commands on client's machine if those
commands are already installed on the client's system. This is
especially dangerous when the third-party repository has one or more
submodules with specially crafted 'ssh://...' URLs. Each time the
repository is recursively cloned or submodules are updated the payload
will be triggered.

Impact
======

A remote attacker, by enticing a user to clone a specially crafted
repository, could possibly execute arbitrary code with the privileges
of the process.

Workaround
==========

There are several alternative ways to fix this vulnerability. Please
refer to Subversion Team Announce for more details.

Resolution
==========

All Subversion 1.9.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.7"

All Subversion 1.8.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.8.18"

References
==========

[ 1 ] CVE-2017-9800
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9800
[ 2 ] Subversion Team Announce
      https://subversion.apache.org/security/CVE-2017-9800-advisory.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201709-09

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
    

- Vulnerability Information (F144271)

Apple Security Advisory 2017-09-19-3 (PacketStormID:F144271)
2017-09-20 00:00:00
Apple  apple.com
advisory,vulnerability,code execution
apple
CVE-2017-1000117,CVE-2017-7076,CVE-2017-7134,CVE-2017-7135,CVE-2017-7136,CVE-2017-7137,CVE-2017-9800

Apple Security Advisory 2017-09-19-3 - Xcode 9 is now available and addresses code execution and various other vulnerabilities.


APPLE-SA-2017-09-19-3 Xcode 9

Xcode 9 is now available and addresses the following:

Git
Available for:  macOS Sierra 10.12.6 or later
Impact: Checking out a maliciously crafted repository may lead to
arbitrary code execution
Description: An ssh:// URL scheme handling issue was addressed
through improved input validation.
CVE-2017-1000117

ld64
Available for:  macOS Sierra 10.12.6 or later
Impact: Parsing a maliciously crafted Mach-O file may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7076: riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-7134: riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-7135: riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-7136: riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-7137: riusksk (泉哥) of Tencent Security Platform Department

subversion
Available for:  macOS Sierra 10.12.6 or later
Impact: Checking out a maliciously crafted repository may lead to
arbitrary code execution
Description: An input validation issue was addressed through improved
input validation.
CVE-2017-9800

Installation note:

Xcode 9 may be obtained from:

https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "9".

Information will also be posted to the Apple Security Updates
web site:
https://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:

https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----



    

- Vulnerability information (F144746)

Ubuntu Security Notice USN-3388-2 (PacketStormID:F144746)
2017-10-25 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote,denial of service,vulnerability
linux,ubuntu
CVE-2016-2167,CVE-2016-2168,CVE-2017-9800

Ubuntu Security Notice 3388-2 - USN-3388-1 fixed several vulnerabilities in Subversion. This update provides the corresponding update for Ubuntu 12.04 ESM. Ivan Zhakov discovered that Subversion did not properly handle some requests. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3388-2
October 24, 2017

subversion vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Subversion.

Software Description:
- subversion: Advanced version control system

Details:

USN-3388-1 fixed several vulnerabilities in Subversion. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Ivan Zhakov discovered that Subversion did not properly handle
some requests. A remote attacker could use this to cause a
denial of service. (CVE-2016-2168)

Original advisory details:

 Joern Schneeweisz discovered that Subversion did not properly handle
 host names in 'svn+ssh://' URLs. A remote attacker could use this
 to construct a subversion repository that when accessed could run
 arbitrary code with the privileges of the user. (CVE-2017-9800)

 Daniel Shahaf and James McCoy discovered that Subversion did not
 properly verify realms when using Cyrus SASL authentication. A
 remote attacker could use this to possibly bypass intended access
 restrictions. (CVE-2016-2167)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  libapache2-svn                  1.6.17dfsg-3ubuntu3.7
  libsvn1                         1.6.17dfsg-3ubuntu3.7
  subversion                      1.6.17dfsg-3ubuntu3.7

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3388-2
  https://www.ubuntu.com/usn/usn-3388-1
  CVE-2016-2167, CVE-2016-2168, CVE-2017-9800
    

- Vulnerability information

Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
Input Validation Error 100259
Yes No
2017-08-10 12:00:00 2017-08-10 12:00:00
Jonathan Nieder

- Affected program versions

Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Subversion 1.9.6
Apache Subversion 1.9.5
Apache Subversion 1.9.4
Apache Subversion 1.9.3
Apache Subversion 1.9.2
Apache Subversion 1.9.1
Apache Subversion 1.9
Apache Subversion 1.8.18
Apache Subversion 1.8.17
Apache Subversion 1.8.16
Apache Subversion 1.8.11
Apache Subversion 1.8.10
Apache Subversion 1.8.9
Apache Subversion 1.8.5
Apache Subversion 1.8.1
Apache Subversion 1.8
Apache Subversion 1.7.19
Apache Subversion 1.7.18
Apache Subversion 1.7.17
Apache Subversion 1.7.16
Apache Subversion 1.7.11
Apache Subversion 1.7.10
Apache Subversion 1.7.1
Apache Subversion 1.7
Apache Subversion 1.6.23
Apache Subversion 1.6.22
Apache Subversion 1.6.21
Apache Subversion 1.6.20
Apache Subversion 1.6.19
Apache Subversion 1.6.18
Apache Subversion 1.6.14
Apache Subversion 1.6.13
Apache Subversion 1.6.12
Apache Subversion 1.6.11
Apache Subversion 1.6.10
Apache Subversion 1.6.6
Apache Subversion 1.6.5
Apache Subversion 1.6.3
Apache Subversion 1.6.2
Apache Subversion 1.5.8
Apache Subversion 1.5.7
Apache Subversion 1.5.5
Apache Subversion 1.5.4
Apache Subversion 1.5.2
Apache Subversion 1.4.6
Apache Subversion 1.3.2
Apache Subversion 1.0.9
Apache Subversion 1.0.8
Apache Subversion 1.0.7
Apache Subversion 1.0.6
Apache Subversion 1.0.2
Apache Subversion 1.8.8
Apache Subversion 1.8.7
Apache Subversion 1.8.6
Apache Subversion 1.8.4
Apache Subversion 1.8.3
Apache Subversion 1.8.2
Apache Subversion 1.8.15
Apache Subversion 1.8.14
Apache Subversion 1.8.13
Apache Subversion 1.7.9
Apache Subversion 1.7.8
Apache Subversion 1.7.7
Apache Subversion 1.7.6
Apache Subversion 1.7.5
Apache Subversion 1.7.4
Apache Subversion 1.7.3
Apache Subversion 1.7.22
Apache Subversion 1.7.21
Apache Subversion 1.7.20
Apache Subversion 1.7.2
Apache Subversion 1.7.15
Apache Subversion 1.7.14
Apache Subversion 1.7.13
Apache Subversion 1.7.12
Apache Subversion 1.6.9
Apache Subversion 1.6.8
Apache Subversion 1.6.7
Apache Subversion 1.6.4
Apache Subversion 1.6.17
Apache Subversion 1.6.16
Apache Subversion 1.6.15
Apache Subversion 1.6.1
Apache Subversion 1.6.0
Apache Subversion 1.5.6
Apache Subversion 1.4.5
Apache Subversion 1.4.4
Apache Subversion 1.4.2
Apache Subversion 1.4.1
Apache Subversion 1.4.0
Apache Subversion 1.3.1
Apache Subversion 1.3.0
Apache Subversion 1.2.3
Apache Subversion 1.2.2
Apache Subversion 1.2.1
Apache Subversion 1.1.3
Apache Subversion 1.1.2
Apache Subversion 1.1.1
Apache Subversion 1.1.0
Apache Subversion 1.0.5
Apache Subversion 1.0.4
Apache Subversion 1.0.3
Apache Subversion 1.0.1

- Unaffected program versions

Apache Subversion 1.9.7
Apache Subversion 1.8.19

- Vulnerability discussion

Apache Subversion is prone to a remote command-execution vulnerability.

Exploiting this issue could allow an attacker to execute arbitrary shell commands in the context of the affected system.

Subversion 1.0.0 through 1.8.18 and 1.9.0 through 1.9.6 are vulnerable.

- Exploitation

An attacker can exploit this issue using readily available tools.

- Solution

Updates are available. Please see the references or vendor advisory for more information.
