FreeBSD184F5D0B-0FE8-11D9-8A8A-000C41E2CDADsubversion -- WebDAV fails to protect metadata
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.029 Low
EPSS
Percentile
90.8%
In some situations, subversion metadata may be unexpectedly
disclosed via WebDAV. A subversion advisory states:
mod_authz_svn, the Apache httpd module which does path-based
authorization on Subversion repositories, is not correctly
protecting all metadata on unreadable paths.
This security issue is not about revealing the contents
of protected files: it only reveals metadata about
protected areas such as paths and log messages. This may
or may not be important to your organization, depending
on how you’re using path-based authorization, and the
sensitivity of the metadata.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | subversion | < 1.0.8 | UNKNOWN |
| FreeBSD | any | noarch | subversion-perl | < 1.0.8 | UNKNOWN |
| FreeBSD | any | noarch | subversion-python | < 1.0.8 | UNKNOWN |
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.029 Low
EPSS
Percentile
90.8%