Detections
Analytics

.svn/entries Disclosed via Web Server

medium Nessus Plugin ID 33821

Language:

Synopsis

The remote web server discloses information due to a configuration weakness.

Description

The web server on the remote host allows read access to '.svn/entries' files. This exposes all file names in your svn module on your website. This flaw can also be used to download the source code of the scripts (PHP, JSP, etc...) hosted on the remote server.

Solution

Configure permissions for the affected web server to deny access to the '.svn' directory.

See Also

http://www.nessus.org/u?b573eafc

Plugin Details

Severity: Medium

ID: 33821

File Name: svn_in_www.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 8/5/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N