Subversion (SVN) < 1.4.5 Directory Traversal Privilege Escalation (deprecated)

Medium Nessus Network Monitor Plugin ID 4198


The remote host is vulnerable to a directory traversal flaw.


The remote host is running Subversion, an open-source file management product. According to the version number, the remote system is reported to be vulnerable to a flaw where authenticated users can write to files outside the Subversion folders. By prepending '../' to a file name, an attacker can overwrite sensitive system files that may then be executed by a SYSTEM process. Given this, successful exploitation would likely result in the attacker gaining elevated access to the server hosting Subversion.


Upgrade to version 1.4.5 or higher.

See Also

Plugin Details

Severity: Medium

ID: 4198

Family: Generic

Published: 2007/08/28

Modified: 2016/02/05

Risk Information

Risk Factor: Medium


Base Score: 4.9

Temporal Score: 4

Vector: CVSS2#AV:A/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 4.6

Temporal Score: 4.2


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2007-3846

BID: 25468