Vulnerability Description
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Xcode | <= 7.2.1 |
| Apache | Subversion | 1.7.0 |
| Apache | Http Server | 2.4.1 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html
- http://rhn.redhat.com/errata/RHSA-2015-1742.html
- http://subversion.apache.org/security/CVE-2015-3184-advisory.txtVendor Advisory
- http://www.debian.org/security/2015/dsa-3331
- http://www.securityfocus.com/bid/76274
- http://www.securitytracker.com/id/1033215
- http://www.ubuntu.com/usn/USN-2721-1
- https://security.gentoo.org/glsa/201610-05
- https://support.apple.com/HT206172Vendor Advisory
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html
- http://rhn.redhat.com/errata/RHSA-2015-1742.html
- http://subversion.apache.org/security/CVE-2015-3184-advisory.txtVendor Advisory
- http://www.debian.org/security/2015/dsa-3331
FAQ
What is CVE-2015-3184?
CVE-2015-3184 is a vulnerability with a CVSS score of 5.0 (MEDIUM). mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read ...
How severe is CVE-2015-3184?
CVE-2015-3184 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3184?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Xcode, Apache Subversion, Apache Http Server.