Kamesh Jayachandran

**Name of the Vulnerable Software and Affected Versions** Apache Subversion versions 1.5.x through 1.6.16 **Description** The issue allows remote attackers to obtain sensitive information via a replay REPORT operation, due to improper permission enforcement for files that had been publicly readable in the past when the SVNPathAuthz short circuit option is disabled. **Recommendations** For Apache Subversion versions 1.5.x through 1.6.16, update to version 1.6.17 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Subversion versions 1.5.x through 1.5.7 Apache Subversion versions 1.6.x through 1.6.12 **Description** The issue allows remote authenticated users to bypass intended access restrictions via svn commands, due to improper handling of a named repository as a rule scope in the mod dav svn module when SVNPathAuthz short circuit is enabled. **Recommendations** For Apache Subversion versions 1.5.x through 1.5.7, update to version 1.5.8 or later. For Apache Subversion versions 1.6.x through 1.6.12, update to version 1.6.13 or later.