C. Michael Pilato

**Name of the Vulnerable Software and Affected Versions** Apache Subversion versions 1.7.x through 1.7.20 Apache Subversion versions 1.8.x through 1.8.13 **Description** The issue allows remote anonymous users to read hidden files via the path name due to improper restriction of anonymous access in mod authz svn when using Apache httpd 2.4.x. **Recommendations** For Apache Subversion versions 1.7.x through 1.7.20, update to version 1.7.21 or later. For Apache Subversion versions 1.8.x through 1.8.13, update to version 1.8.14 or later.

**Name of the Vulnerable Software and Affected Versions** Apache Subversion versions prior to 1.7.21 Apache Subversion versions 1.8.x prior to 1.8.14 **Description** The issue allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path when path-based authorization is used. **Recommendations** For Apache Subversion versions prior to 1.7.21, update to version 1.7.21 or later. For Apache Subversion versions 1.8.x prior to 1.8.14, update to version 1.8.14 or later.