CVE-2015-3184 Information

Description

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14 when using Apache httpd 2.4.x does not properly restrict anonymous access which allows remote anonymous users to read hidden files via the path name.

Reference

http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html http://rhn.redhat.com/errata/RHSA-2015-1742.html http://subversion.apache.org/security/CVE-2015-3184-advisory.txt http://www.debian.org/security/2015/dsa-3331 http://www.securityfocus.com/bid/76274 http://www.securitytracker.com/id/1033215 http://www.ubuntu.com/usn/USN-2721-1 https://security.gentoo.org/glsa/201610-05 https://support.apple.com/HT206172