4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
45.7%
Package : subversion
Version : 1.6.12dfsg-7+deb6u3
CVE ID : CVE-2015-3187
C. Michael Pilato, from CollabNet, reported an issue in the version
control system Subversion.
CVE-2015-3187
Subversion servers revealed some sensible paths hidden by path-based
authorization. Remote authenticated users were allowed to obtain
path information by reading the history of a node that has been
moved from a hidden path. The vulnerability only revealed the path,
though it didn't reveal its content.
For Debian 6 “Squeeze”, this issue has been fixed in subversion
1.6.12dfsg-7+deb6u3. We recommend to upgrade your subversion packages.
Attachment:
signature.asc
Description: Digital signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | all | libsvn-ruby | < 1.6.17dfsg-4+deb7u10 | libsvn-ruby_1.6.17dfsg-4+deb7u10_all.deb |
Debian | 7 | armhf | libsvn1 | < 1.6.17dfsg-4+deb7u10 | libsvn1_1.6.17dfsg-4+deb7u10_armhf.deb |
Debian | 7 | kfreebsd-amd64 | libsvn1 | < 1.6.17dfsg-4+deb7u10 | libsvn1_1.6.17dfsg-4+deb7u10_kfreebsd-amd64.deb |
Debian | 7 | ia64 | libsvn-dev | < 1.6.17dfsg-4+deb7u10 | libsvn-dev_1.6.17dfsg-4+deb7u10_ia64.deb |
Debian | 8 | all | libsvn-ruby1.8 | < 1.8.10-6+deb8u1 | libsvn-ruby1.8_1.8.10-6+deb8u1_all.deb |
Debian | 8 | armel | subversion-dbg | < 1.8.10-6+deb8u1 | subversion-dbg_1.8.10-6+deb8u1_armel.deb |
Debian | 8 | ppc64el | subversion-dbg | < 1.8.10-6+deb8u1 | subversion-dbg_1.8.10-6+deb8u1_ppc64el.deb |
Debian | 7 | kfreebsd-i386 | libsvn1 | < 1.6.17dfsg-4+deb7u10 | libsvn1_1.6.17dfsg-4+deb7u10_kfreebsd-i386.deb |
Debian | 7 | armhf | subversion | < 1.6.17dfsg-4+deb7u10 | subversion_1.6.17dfsg-4+deb7u10_armhf.deb |
Debian | 8 | s390x | libsvn-perl | < 1.8.10-6+deb8u1 | libsvn-perl_1.8.10-6+deb8u1_s390x.deb |