CVE-2015-3187

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.

Published: Aug 12, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-3187
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
apache / subversion	1.8.2	1.8.2.x
apache / subversion	1.8.13	1.8.13.x
apache / subversion	1.8.1	1.8.1.x
apache / subversion	-	1.7.20.x
apache / subversion	1.8.9	1.8.9.x
apache / subversion	1.8.5	1.8.5.x
apache / subversion	1.8.6	1.8.6.x
apache / subversion	1.8.4	1.8.4.x
apache / subversion	1.8.3	1.8.3.x
apache / subversion	1.8.10	1.8.10.x
apache / subversion	1.8.7	1.8.7.x
apache / subversion	1.8.11	1.8.11.x
apache / subversion	1.8.8	1.8.8.x
apple / xcode	-	7.2.1.x

http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html
http://rhn.redhat.com/errata/RHSA-2015-1633.html
http://rhn.redhat.com/errata/RHSA-2015-1742.html
http://subversion.apache.org/security/CVE-2015-3187-advisory.txt
http://www.debian.org/security/2015/dsa-3331
http://www.securityfocus.com/bid/76273
http://www.securitytracker.com/id/1033215
http://www.ubuntu.com/usn/USN-2721-1
https://security.gentoo.org/glsa/201610-05
https://support.apple.com/HT206172

Vulnerability Database

289,599

CVE-2015-3187