Lucene search

[email protected]NVD:CVE-2015-3184

HistoryAug 12, 2015 - 2:59 p.m.

CVE-2015-3184

2015-08-1214:59:10

CWE-200

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

JSON

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.

Affected configurations

NVD

Node

applexcodeRange≤7.2.1

Node

apachesubversionMatch1.7.0

apachesubversionMatch1.7.1

apachesubversionMatch1.7.2

apachesubversionMatch1.7.3

apachesubversionMatch1.7.4

apachesubversionMatch1.7.5

apachesubversionMatch1.7.6

apachesubversionMatch1.7.7

apachesubversionMatch1.7.8

apachesubversionMatch1.7.9

apachesubversionMatch1.7.10

apachesubversionMatch1.7.11

apachesubversionMatch1.7.12

apachesubversionMatch1.7.13

apachesubversionMatch1.7.14

apachesubversionMatch1.7.15

apachesubversionMatch1.7.16

apachesubversionMatch1.7.17

apachesubversionMatch1.7.18

apachesubversionMatch1.7.19

apachesubversionMatch1.7.20

apachesubversionMatch1.8.0

apachesubversionMatch1.8.1

apachesubversionMatch1.8.2

apachesubversionMatch1.8.3

apachesubversionMatch1.8.4

apachesubversionMatch1.8.5

apachesubversionMatch1.8.6

apachesubversionMatch1.8.7

apachesubversionMatch1.8.8

apachesubversionMatch1.8.9

apachesubversionMatch1.8.10

apachesubversionMatch1.8.11

apachesubversionMatch1.8.13

AND

apachehttp_serverMatch2.4.1

apachehttp_serverMatch2.4.2

apachehttp_serverMatch2.4.3

apachehttp_serverMatch2.4.4

apachehttp_serverMatch2.4.6

apachehttp_serverMatch2.4.7

apachehttp_serverMatch2.4.9

apachehttp_serverMatch2.4.10

apachehttp_serverMatch2.4.12

apachehttp_serverMatch2.4.14

apachehttp_serverMatch2.4.16

References

lists.apple.com/archives/security-announce/2016/Mar/msg00003.html

lists.opensuse.org/opensuse-updates/2015-08/msg00022.html

rhn.redhat.com/errata/RHSA-2015-1742.html

subversion.apache.org/security/CVE-2015-3184-advisory.txt

www.debian.org/security/2015/dsa-3331

www.securityfocus.com/bid/76274

www.securitytracker.com/id/1033215

www.ubuntu.com/usn/USN-2721-1

security.gentoo.org/glsa/201610-05

support.apple.com/HT206172

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

JSON

Related for NVD:CVE-2015-3184

cve1 cvelist1 f51 debiancve1 prion1 openvas10 ubuntucve1 debian2 nessus15 freebsd1 mageia1 securityvulns2 archlinux1 osv1 apple2 amazon1 redhat1 centos1 oraclelinux1 fedora1 ubuntu1 gentoo1 suse1