{ "id": "CVE-2015-3187", "sourceIdentifier": "secalert@redhat.com", "published": "2015-08-12T14:59:12.150", "lastModified": "2017-07-01T01:29:15.733", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path." }, { "lang": "es", "value": "Vulnerabilidad en la funci\u00f3n svn_repos_trace_node_locations en Apache Subversion en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, cuando se utiliza autorizaci\u00f3n basada en ruta, permite a usuarios remotos autenticados obtener informaci\u00f3n de ruta sensible leyendo el historial de un nodo que ha sido movido desde una ruta oculta." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-200" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.7.20", "matchCriteriaId": "9158B9C3-7832-4D4F-B3CE-0E9CDDA4C9DF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A57A3347-6C48-4803-AB4E-A4BC0E6BFA41" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "50D26799-D038-470A-A468-58DBDB64A7E6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "D3769BD6-B104-4F74-B8C4-89398A8894FB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "9757DD5E-42A6-44B8-9692-49690F60C8D1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7B5A014-D4EE-4244-AABA-0873492F7295" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "CD9F8C2A-A94E-4D99-839B-47AAE8754191" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "69D29A9E-DB23-4D86-B4A3-3C4F663416AD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D86AEE89-9F8E-43A5-A888-F421B10DB2C7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "D335628F-EC07-43BE-9B29-3365A6F64D71" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "D4EF7D71-3AAF-4112-831A-3538C5B82594" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:subversion:1.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "89835508-F72F-4D8A-8E4A-5CFAA5F90C24" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:subversion:1.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "2A83933C-D270-4B9A-8D18-AC7302A5B86F" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "versionEndIncluding": "7.2.1", "matchCriteriaId": "CC0E785D-FDCD-46DD-9BE9-049D6C1D6E1E" } ] } ] } ], "references": [ { "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html", "source": "secalert@redhat.com" }, { "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html", "source": "secalert@redhat.com" }, { "url": "http://rhn.redhat.com/errata/RHSA-2015-1633.html", "source": "secalert@redhat.com" }, { "url": "http://rhn.redhat.com/errata/RHSA-2015-1742.html", "source": "secalert@redhat.com" }, { "url": "http://subversion.apache.org/security/CVE-2015-3187-advisory.txt", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.debian.org/security/2015/dsa-3331", "source": "secalert@redhat.com" }, { "url": "http://www.securityfocus.com/bid/76273", "source": "secalert@redhat.com" }, { "url": "http://www.securitytracker.com/id/1033215", "source": "secalert@redhat.com" }, { "url": "http://www.ubuntu.com/usn/USN-2721-1", "source": "secalert@redhat.com" }, { "url": "https://security.gentoo.org/glsa/201610-05", "source": "secalert@redhat.com" }, { "url": "https://support.apple.com/HT206172", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] } ] }