CVE-2015-3184

medium

Description

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.

References

http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html

http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html

http://rhn.redhat.com/errata/RHSA-2015-1742.html

https://security.gentoo.org/glsa/201610-05

https://support.apple.com/HT206172

http://subversion.apache.org/security/CVE-2015-3184-advisory.txt

http://www.debian.org/security/2015/dsa-3331

http://www.securitytracker.com/id/1033215

http://www.ubuntu.com/usn/USN-2721-1

Details

Source: Mitre, NVD

Published: 2015-08-12

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

Detections

Analytics