CVE-2015-3187

Public on 2015-08-12

Modified on 2016-03-29

Description

It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved).

Severity

Low

See what this means

CVSS v3 Base Score

3.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	mod_dav_svn	2016-03-29 15:30	ALAS-2016-676
Amazon Linux 1	subversion	2016-03-29 15:30	ALAS-2016-676

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	3.5	AV:N/AC:M/Au:S/C:P/I:N/A:N
NVD	CVSSv2	4.0	AV:N/AC:L/Au:S/C:P/I:N/A:N

References

Red Hat: CVE-2015-3187 Mitre: CVE-2015-3187 FAQs regarding Amazon Linux ALAS/CVE Severity