Vigil@nce - Apache Subversion: two vulnerabilities
October 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Apache Subversion.
– Impacted products: Subversion, Debian, openSUSE, RHEL, Ubuntu.
– Severity: 2/4.
– Creation date: 06/08/2015.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Apache Subversion.
An unauthenticated attacker can bypass security features of
mod_authz_svn on Apache httpd 2.4.*, in order to access to files
which should be protected. [severity:2/4; CVE-2015-3184]
An attacker can use svn_repos_trace_node_locations(), in order to
obtain the history of paths of a node, to see sensitive
information. [severity:1/4; CVE-2015-3187]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apache-Subversion-two-vulnerabilities-17597