PT-2015-6088 · Apache+4 · Apache Subversion+5

C. Michael Pilato

Published

2015-08-05

Updated

2024-06-15

CVE-2015-3184

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache Subversion versions 1.7.x through 1.7.20 Apache Subversion versions 1.8.x through 1.8.13

Description The issue allows remote anonymous users to read hidden files via the path name due to improper restriction of anonymous access in mod authz svn when using Apache httpd 2.4.x.

Recommendations For Apache Subversion versions 1.7.x through 1.7.20, update to version 1.7.21 or later. For Apache Subversion versions 1.8.x through 1.8.13, update to version 1.8.14 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CESA-2015_1742

CVE-2015-3184

DSA-3331-1

MGASA-2015-0326

OPENSUSE-SU-2024:10538-1

RHSA-2015:1742

RHSA-2015_1742

SUSE-SU-2015:1473-1

SUSE-SU-2015_1473-1

SUSE-SU-2017:2200-1

USN-2721-1

Affected Products

Apache Subversion

Apache Httpd

Centos

Red Hat

Suse

Ubuntu

PT-2015-6088 · Apache+4 · Apache Subversion+5

CVE-2015-3184

Weakness Enumeration

Related Identifiers

Affected Products

References · 122