FreeBSD : websvn -- information disclosure (f69e1f09-e39b-11e5-9f77-5453ed2e2b49)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Thijs Kinkhorst reports :

James Clawson reported :

'Arbitrary files with a known path can be accessed in websvn by
committing a symlink to a repository and then downloading the file
(using the download link).

An attacker must have write access to the repo, and the download
option must have been enabled in the websvn config file.'

See also :

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6892
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775682
http://www.nessus.org/u?2d10d368

Solution :

Update the affected package.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 89710

Bugtraq ID:

CVE ID: CVE-2013-6892
