Navigation Bar Top Applications Support Documentation Vendors Search Index Top Top

subversion -- WebDAV fails to protect metadata

Description:

In some situations, subversion metadata may be unexpectedly disclosed via WebDAV. A subversion advisory states:

mod_authz_svn, the Apache httpd module which does path-based authorization on Subversion repositories, is not correctly protecting all metadata on unreadable paths.

This security issue is not about revealing the contents of protected files: it only reveals metadata about protected areas such as paths and log messages. This may or may not be important to your organization, depending on how you're using path-based authorization, and the sensitivity of the metadata.

References:

Affects:

portaudit: subversion -- WebDAV fails to protect metadata

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Officer. Refer to "FreeBSD Security Information" for more information.


Oliver Eikemeier <eik@FreeBSD.org>