FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

subversion -- multiple vulnerabilities

Affected packages
1.8.0 <= subversion < 1.8.14
1.7.0 <= subversion < 1.7.21

Details

VuXML ID 57bb5e3d-3c4f-11e5-a4d4-001e8c75030d
Discovery 2015-07-27
Entry 2015-08-06

Subversion reports:

CVE-2015-3184:
Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4.

CVE-2015-3187:
Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz.

[source]

References

CVE Name CVE-2015-3184
CVE Name CVE-2015-3187
URL http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
URL http://subversion.apache.org/security/CVE-2015-3187-advisory.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.