CVE-2015-3184

high

Description

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.

References

https://support.apple.com/HT206172

https://security.gentoo.org/glsa/201610-05

http://www.ubuntu.com/usn/USN-2721-1

http://www.securitytracker.com/id/1033215

http://www.securityfocus.com/bid/76274

http://www.debian.org/security/2015/dsa-3331

http://subversion.apache.org/security/CVE-2015-3184-advisory.txt

http://rhn.redhat.com/errata/RHSA-2015-1742.html

http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html

http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html

Details

Source: Mitre, NVD

Published: 2015-08-12

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.252

Detections

Analytics