4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.5%
Package : subversion
Version : 1.6.12dfsg-7+deb6u3
CVE ID : CVE-2015-3187
C. Michael Pilato, from CollabNet, reported an issue in the version
control system Subversion.
CVE-2015-3187
Subversion servers revealed some sensible paths hidden by path-based
authorization. Remote authenticated users were allowed to obtain
path information by reading the history of a node that has been
moved from a hidden path. The vulnerability only revealed the path,
though it didn't reveal its content.
For Debian 6 “Squeeze”, this issue has been fixed in subversion
1.6.12dfsg-7+deb6u3. We recommend to upgrade your subversion packages.
Attachment:
signature.asc
Description: Digital signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | sparc | python-subversion | < 1.6.17dfsg-4+deb7u10 | python-subversion_1.6.17dfsg-4+deb7u10_sparc.deb |
Debian | 8 | armhf | libapache2-mod-svn | < 1.8.10-6+deb8u1 | libapache2-mod-svn_1.8.10-6+deb8u1_armhf.deb |
Debian | 8 | arm64 | subversion-tools | < 1.8.10-6+deb8u1 | subversion-tools_1.8.10-6+deb8u1_arm64.deb |
Debian | 7 | kfreebsd-i386 | libsvn-ruby1.8 | < 1.6.17dfsg-4+deb7u10 | libsvn-ruby1.8_1.6.17dfsg-4+deb7u10_kfreebsd-i386.deb |
Debian | 8 | amd64 | libsvn1 | < 1.8.10-6+deb8u1 | libsvn1_1.8.10-6+deb8u1_amd64.deb |
Debian | 8 | powerpc | subversion-dbg | < 1.8.10-6+deb8u1 | subversion-dbg_1.8.10-6+deb8u1_powerpc.deb |
Debian | 6 | i386 | libsvn-dev | < 1.6.12dfsg-7+deb6u3 | libsvn-dev_1.6.12dfsg-7+deb6u3_i386.deb |
Debian | 8 | armel | libapache2-mod-svn | < 1.8.10-6+deb8u1 | libapache2-mod-svn_1.8.10-6+deb8u1_armel.deb |
Debian | 7 | mips | libapache2-svn | < 1.6.17dfsg-4+deb7u10 | libapache2-svn_1.6.17dfsg-4+deb7u10_mips.deb |
Debian | 7 | armhf | python-subversion | < 1.6.17dfsg-4+deb7u10 | python-subversion_1.6.17dfsg-4+deb7u10_armhf.deb |