Subversion Module unreadeable path information disclosure
|
|
Article ID: 14800
Last updated: 27 Jan, 2009
|
|
|
|
Views: 663
|
|
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.
|
|
Subversion Module unreadeable path information disclosure |
|
| This script is Copyright (C) 2004 David Maciejak |
|
|
| Family | Remote file access |
| Plugin ID | 14800 |
| Bugtraq ID | 11243
|
| CVE ID | CVE-2004-0749
|
|
| Description: |
You are running a version of Subversion which is older than 1.0.8 or
1.1.0-rc4.
A flaw exist in older version, in the apache module mod_authz_svn,
which fails to properly restrict access to metadata within unreadable
paths.
An attacker can read metadata in unreadable paths, which can contain
sensitive information such as logs and paths.
Solution : Upgrade to subversion 1.0.8, 1.1.0-rc4 or newer
Risk factor : Medium |
|
