CVE-2015-3187

CWE-200 — Information Exposure11 documents10 sources

Severity

4.0MEDIUM

EPSS

0.9%

top 23.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Subversion Apple Xcode

Timeline

PublishedAug 12

Latest updateMay 17

Description

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶NVDapache/subversion1.7.20+12

▶Debiansubversion< 1.9.0-1+3

▶NVDapple/xcode7.2.1

🔴Vulnerability Details

GHSA

GHSA-c79q-h5wc-3724: The svn_repos_trace_node_locations function in Apache Subversion before 1↗2022-05-17

▶

OSV

CVE-2015-3187: The svn_repos_trace_node_locations function in Apache Subversion before 1↗2015-08-12

▶

CVEList

CVE-2015-3187: The svn_repos_trace_node_locations function in Apache Subversion before 1↗2015-08-12

▶

📋Vendor Advisories

Ubuntu

Subversion vulnerabilities↗2015-08-20

▶

Red Hat

subversion: svn_repos_trace_node_locations() reveals paths hidden by authz↗2015-08-05

▶

Debian

CVE-2015-3187: subversion - The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 a...↗2015

▶

Apache

Apache subversion: CVE-2015-3187↗

▶

Apple

CVE-2015-3187: Xcode 7.3↗

▶

💬Community

Bugzilla

CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz [fedora-all]↗2015-08-06

▶

Bugzilla

CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz↗2015-07-27

▶