CVE-2015-3184

CWE-200 — Information Exposure CWE-28511 documents10 sources

Severity

5.0MEDIUM

EPSS

17.0%

top 5.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Xcode Apache Subversion

Timeline

PublishedAug 12

Latest updateMay 17

Description

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDapache/subversion34 versions+33

▶Debiansubversion< 1.9.0-1+3

▶NVDapple/xcode7.2.1

🔴Vulnerability Details

GHSA

GHSA-8578-652m-fxc9: mod_authz_svn in Apache Subversion 1↗2022-05-17

▶

OSV

CVE-2015-3184: mod_authz_svn in Apache Subversion 1↗2015-08-12

▶

CVEList

CVE-2015-3184: mod_authz_svn in Apache Subversion 1↗2015-08-12

▶

📋Vendor Advisories

Ubuntu

Subversion vulnerabilities↗2015-08-20

▶

Red Hat

subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4↗2015-08-05

▶

Debian

CVE-2015-3184: subversion - mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, ...↗2015

▶

Apache

Apache subversion: CVE-2015-3184↗

▶

Apple

CVE-2015-3184: Xcode 7.3↗

▶

💬Community

Bugzilla

CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4 [fedora-all]↗2015-08-06

▶

Bugzilla

CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4↗2015-07-27

▶