Sensitive Path Information Disclosure in Apache Subversion

Sensitive Path Information Disclosure in Apache Subversion

CVE-2015-3187 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.

Learn more about our Cis Benchmark Audit For Apache Http Server.