Lucene search

K
nvd[email protected]NVD:CVE-2015-3184
HistoryAug 12, 2015 - 2:59 p.m.

CVE-2015-3184

2015-08-1214:59:10
CWE-200
web.nvd.nist.gov
8

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.9

Confidence

High

EPSS

0.003

Percentile

68.2%

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.

Affected configurations

Nvd
Node
applexcodeRange≤7.2.1
Node
apachesubversionMatch1.7.0
OR
apachesubversionMatch1.7.1
OR
apachesubversionMatch1.7.2
OR
apachesubversionMatch1.7.3
OR
apachesubversionMatch1.7.4
OR
apachesubversionMatch1.7.5
OR
apachesubversionMatch1.7.6
OR
apachesubversionMatch1.7.7
OR
apachesubversionMatch1.7.8
OR
apachesubversionMatch1.7.9
OR
apachesubversionMatch1.7.10
OR
apachesubversionMatch1.7.11
OR
apachesubversionMatch1.7.12
OR
apachesubversionMatch1.7.13
OR
apachesubversionMatch1.7.14
OR
apachesubversionMatch1.7.15
OR
apachesubversionMatch1.7.16
OR
apachesubversionMatch1.7.17
OR
apachesubversionMatch1.7.18
OR
apachesubversionMatch1.7.19
OR
apachesubversionMatch1.7.20
OR
apachesubversionMatch1.8.0
OR
apachesubversionMatch1.8.1
OR
apachesubversionMatch1.8.2
OR
apachesubversionMatch1.8.3
OR
apachesubversionMatch1.8.4
OR
apachesubversionMatch1.8.5
OR
apachesubversionMatch1.8.6
OR
apachesubversionMatch1.8.7
OR
apachesubversionMatch1.8.8
OR
apachesubversionMatch1.8.9
OR
apachesubversionMatch1.8.10
OR
apachesubversionMatch1.8.11
OR
apachesubversionMatch1.8.13
AND
apachehttp_serverMatch2.4.1
OR
apachehttp_serverMatch2.4.2
OR
apachehttp_serverMatch2.4.3
OR
apachehttp_serverMatch2.4.4
OR
apachehttp_serverMatch2.4.6
OR
apachehttp_serverMatch2.4.7
OR
apachehttp_serverMatch2.4.9
OR
apachehttp_serverMatch2.4.10
OR
apachehttp_serverMatch2.4.12
OR
apachehttp_serverMatch2.4.14
OR
apachehttp_serverMatch2.4.16
VendorProductVersionCPE
applexcode*cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*
apachesubversion1.7.0cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*
apachesubversion1.7.1cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*
apachesubversion1.7.2cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*
apachesubversion1.7.3cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*
apachesubversion1.7.4cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*
apachesubversion1.7.5cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*
apachesubversion1.7.6cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*
apachesubversion1.7.7cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*
apachesubversion1.7.8cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*
Rows per page:
1-10 of 461

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.9

Confidence

High

EPSS

0.003

Percentile

68.2%