Launchpad CVE tracker

CVE 2015-3184

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.

Related bugs and status

CVE-2015-3184 (Candidate) is related to these bugs:

Bug #563179: svn crashes when checking out when saving credentials in kwallet

Summary				In	Importance	Status
	563179	svn crashes when checking out when saving credentials in kwallet		subversion (Ubuntu)	Medium	Fix Released
	563179	svn crashes when checking out when saving credentials in kwallet		subversion (Debian)	Unknown	Fix Released

Bug #1487398: Kerberos authentication no longer works following upgrade 1.8.8-1ubuntu3.1 to 1.8.8-1ubuntu3.2

Summary				In	Importance	Status
	1487398	Kerberos authentication no longer works following upgrade 1.8.8-1ubuntu3.1 to 1.8.8-1ubuntu3.2		subversion (Ubuntu)	Undecided	Confirmed
	1487398	Kerberos authentication no longer works following upgrade 1.8.8-1ubuntu3.1 to 1.8.8-1ubuntu3.2		subversion (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-3184

References