• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Subversion Mod_Authz_Svn Metadata Information Disclosure Vulnerability

It is reported that Subversions mod_authz_svn module is susceptible to an information disclosure vulnerability.

This vulnerability is presents itself when paths that are marked as unreadable are accessed by particular Subversion client commands. It is reportedly possible to disclose the existence of files that are inaccessible to users. Under certain circumstances it may also be possible to disclose commit log messages, or even the contents of files that are configured to be inaccessible to users.

This vulnerability is reported to exist in versions prior to 1.0.8 and 1.1.0-rc4.