Apache Subversion Information Disclosure Vulnerabilities
3 Sep. 2015
Summary
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.
Credit:
The information has been provided by C. Michael Pilato of CollabNet..
Vulnerable Systems:
* Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14
Immune Systems:
* Apache Subversion after 1.8.14
Apache Subversion is prone to an information-disclosure vulnerability. Successfully exploiting this issue can allow an attacker to obtain sensitive information that may aid in launching further attacks.