CVE-2015-3187
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
Known Affected Software
69 configuration(s) from 2 vendor(s)
subversion
Version:
1.8.4
CPE:
cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*
subversion
Version:
1.8.9
CPE:
cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*
subversion
Version:
1.8.8
CPE:
cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*
subversion
Version:
1.8.2
CPE:
cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*
subversion
Version:
1.8.5
CPE:
cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*
subversion
Version:
1.8.6
CPE:
cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*
subversion
Version:
1.8.10
CPE:
cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*
subversion
Version:
1.8.3
CPE:
cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
subversion
Version:
1.8.11
CPE:
cpe:2.3:a:apache:subversion:1.8.11:*:*:*:*:*:*:*
subversion
Version:
1.8.7
CPE:
cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*
subversion
Version:
1.8.1
CPE:
cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
subversion
Version:
1.8.13
CPE:
cpe:2.3:a:apache:subversion:1.8.13:*:*:*:*:*:*:*
xcode
Version:
6.1.1
CPE:
cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*
xcode
Version:
7.1
CPE:
cpe:2.3:a:apple:xcode:7.1:*:*:*:*:*:*:*
xcode
Version:
4.0
CPE:
cpe:2.3:a:apple:xcode:4.0:*:*:*:*:*:*:*
xcode
Version:
4.0.1
CPE:
cpe:2.3:a:apple:xcode:4.0.1:*:*:*:*:*:*:*
xcode
Version:
3.1.1
CPE:
cpe:2.3:a:apple:xcode:3.1.1:*:*:*:*:*:*:*
xcode
Version:
1.5.0
CPE:
cpe:2.3:a:apple:xcode:1.5.0:*:*:*:*:*:*:*
xcode
Version:
4.6
CPE:
cpe:2.3:a:apple:xcode:4.6:*:*:*:*:*:*:*
xcode
Version:
7.2
CPE:
cpe:2.3:a:apple:xcode:7.2:*:*:*:*:*:*:*
xcode
Version:
4.2
CPE:
cpe:2.3:a:apple:xcode:4.2:*:*:*:*:*:*:*
xcode
Version:
4.3.3
CPE:
cpe:2.3:a:apple:xcode:4.3.3:*:*:*:*:*:*:*
xcode
Version:
7.1.1
CPE:
cpe:2.3:a:apple:xcode:7.1.1:*:*:*:*:*:*:*
xcode
Version:
5.1
CPE:
cpe:2.3:a:apple:xcode:5.1:*:*:*:*:*:*:*
xcode
Version:
4.6.3
CPE:
cpe:2.3:a:apple:xcode:4.6.3:*:*:*:*:*:*:*
xcode
Version:
2.3.0
CPE:
cpe:2.3:a:apple:xcode:2.3.0:*:*:*:*:*:*:*
xcode
Version:
6.1
CPE:
cpe:2.3:a:apple:xcode:6.1:*:*:*:*:*:*:*
xcode
Version:
4.3.2
CPE:
cpe:2.3:a:apple:xcode:4.3.2:*:*:*:*:*:*:*
xcode
Version:
6.3.1
CPE:
cpe:2.3:a:apple:xcode:6.3.1:*:*:*:*:*:*:*
xcode
Version:
2.0.0
CPE:
cpe:2.3:a:apple:xcode:2.0.0:*:*:*:*:*:*:*
xcode
Version:
2.4.0
CPE:
cpe:2.3:a:apple:xcode:2.4.0:*:*:*:*:*:*:*
xcode
Version:
6.3
CPE:
cpe:2.3:a:apple:xcode:6.3:*:*:*:*:*:*:*
xcode
Version:
3.2.2
CPE:
cpe:2.3:a:apple:xcode:3.2.2:*:*:*:*:*:*:*
xcode
Version:
2.1.0
CPE:
cpe:2.3:a:apple:xcode:2.1.0:*:*:*:*:*:*:*
xcode
Version:
3.2.1
CPE:
cpe:2.3:a:apple:xcode:3.2.1:*:*:*:*:*:*:*
xcode
Version:
3.2.4
CPE:
cpe:2.3:a:apple:xcode:3.2.4:*:*:*:*:*:*:*
xcode
Version:
4.3.1
CPE:
cpe:2.3:a:apple:xcode:4.3.1:*:*:*:*:*:*:*
xcode
Version:
7.0
CPE:
cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*
xcode
Version:
3.2.3
CPE:
cpe:2.3:a:apple:xcode:3.2.3:*:*:*:*:*:*:*
xcode
Version:
5.0.1
CPE:
cpe:2.3:a:apple:xcode:5.0.1:*:*:*:*:*:*:*
xcode
Version:
5.0.2
CPE:
cpe:2.3:a:apple:xcode:5.0.2:*:*:*:*:*:*:*
xcode
Version:
3.1.3
CPE:
cpe:2.3:a:apple:xcode:3.1.3:*:*:*:*:*:*:*
xcode
Version:
7.0.1
CPE:
cpe:2.3:a:apple:xcode:7.0.1:*:*:*:*:*:*:*
xcode
Version:
6.0
CPE:
cpe:2.3:a:apple:xcode:6.0:*:*:*:*:*:*:*
xcode
Version:
5.1.1
CPE:
cpe:2.3:a:apple:xcode:5.1.1:*:*:*:*:*:*:*
xcode
Version:
4.6.2
CPE:
cpe:2.3:a:apple:xcode:4.6.2:*:*:*:*:*:*:*
xcode
Version:
4.6.1
CPE:
cpe:2.3:a:apple:xcode:4.6.1:*:*:*:*:*:*:*
xcode
Version:
6.3.2
CPE:
cpe:2.3:a:apple:xcode:6.3.2:*:*:*:*:*:*:*
xcode
Version:
3.1.2
CPE:
cpe:2.3:a:apple:xcode:3.1.2:*:*:*:*:*:*:*
xcode
Version:
4.2.1
CPE:
cpe:2.3:a:apple:xcode:4.2.1:*:*:*:*:*:*:*
xcode
Version:
4.4.1
CPE:
cpe:2.3:a:apple:xcode:4.4.1:*:*:*:*:*:*:*
xcode
Version:
4.3
CPE:
cpe:2.3:a:apple:xcode:4.3:*:*:*:*:*:*:*
xcode
Version:
4.5.2
CPE:
cpe:2.3:a:apple:xcode:4.5.2:*:*:*:*:*:*:*
xcode
Version:
4.5
CPE:
cpe:2.3:a:apple:xcode:4.5:*:*:*:*:*:*:*
xcode
Version:
3.1
CPE:
cpe:2.3:a:apple:xcode:3.1:*:*:*:*:*:*:*
xcode
Version:
4.1.1
CPE:
cpe:2.3:a:apple:xcode:4.1.1:*:*:*:*:*:*:*
xcode
Version:
6.2
CPE:
cpe:2.3:a:apple:xcode:6.2:beta_2:*:*:*:*:*:*
xcode
Version:
2.2.0
CPE:
cpe:2.3:a:apple:xcode:2.2.0:*:*:*:*:*:*:*
xcode
Version:
4.5.1
CPE:
cpe:2.3:a:apple:xcode:4.5.1:*:*:*:*:*:*:*
xcode
Version:
4.4
CPE:
cpe:2.3:a:apple:xcode:4.4:*:*:*:*:*:*:*
xcode
Version:
2.4.1
CPE:
cpe:2.3:a:apple:xcode:2.4.1:*:*:*:*:*:*:*
xcode
Version:
7.2.1
CPE:
cpe:2.3:a:apple:xcode:7.2.1:*:*:*:*:*:*:*
xcode
Version:
3.2.5
CPE:
cpe:2.3:a:apple:xcode:3.2.5:*:*:*:*:*:*:*
xcode
Version:
4.1
CPE:
cpe:2.3:a:apple:xcode:4.1:*:*:*:*:*:*:*
xcode
Version:
5.0
CPE:
cpe:2.3:a:apple:xcode:5.0:*:*:*:*:*:*:*
xcode
Version:
6.4
CPE:
cpe:2.3:a:apple:xcode:6.4:*:*:*:*:*:*:*
xcode
Version:
6.0.1
CPE:
cpe:2.3:a:apple:xcode:6.0.1:*:*:*:*:*:*:*
xcode
Version:
4.0.2
CPE:
cpe:2.3:a:apple:xcode:4.0.2:*:*:*:*:*:*:*
xcode
Version:
3.1.4
CPE:
cpe:2.3:a:apple:xcode:3.1.4:*:*:*:*:*:*:*
This vulnerability affects 69 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.htmlsecalert@redhat.com
-
http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.htmlsecalert@redhat.com
-
http://rhn.redhat.com/errata/RHSA-2015-1633.htmlsecalert@redhat.com
-
http://rhn.redhat.com/errata/RHSA-2015-1742.htmlsecalert@redhat.com
-
http://subversion.apache.org/security/CVE-2015-3187-advisory.txtsecalert@redhat.com Vendor Advisory
-
http://www.debian.org/security/2015/dsa-3331secalert@redhat.com
-
http://www.securityfocus.com/bid/76273secalert@redhat.com
-
http://www.securitytracker.com/id/1033215secalert@redhat.com
-
http://www.ubuntu.com/usn/USN-2721-1secalert@redhat.com
-
https://security.gentoo.org/glsa/201610-05secalert@redhat.com
-
https://support.apple.com/HT206172secalert@redhat.com Vendor Advisory
-
http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
-
http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.htmlaf854a3a-2127-422b-91ae-364da2661108
-
http://rhn.redhat.com/errata/RHSA-2015-1633.htmlaf854a3a-2127-422b-91ae-364da2661108
-
http://rhn.redhat.com/errata/RHSA-2015-1742.htmlaf854a3a-2127-422b-91ae-364da2661108
-
http://subversion.apache.org/security/CVE-2015-3187-advisory.txtaf854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
http://www.debian.org/security/2015/dsa-3331af854a3a-2127-422b-91ae-364da2661108
-
http://www.securityfocus.com/bid/76273af854a3a-2127-422b-91ae-364da2661108
-
http://www.securitytracker.com/id/1033215af854a3a-2127-422b-91ae-364da2661108
-
http://www.ubuntu.com/usn/USN-2721-1af854a3a-2127-422b-91ae-364da2661108
-
https://security.gentoo.org/glsa/201610-05af854a3a-2127-422b-91ae-364da2661108
-
https://support.apple.com/HT206172af854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
- Description
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- Exploit Likelihood
- High
- Typical Severity
- Medium
- Abstraction Level
- Class
Key Information
- Published Date
- August 12, 2015
