CVE-2015-3184

CVE Database · CVE-2015-3184

CVE-2015-3184

· N/AModified

CVSS v3.1

N/A

EPSS

10.61%

Published

Aug 12, 2015

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.

Weaknesses (CWE)

CWE-200

Affected Products (46)

apple · xcodevulnerable

apache · subversionvulnerable

References (20)

http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html

http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html

http://rhn.redhat.com/errata/RHSA-2015-1742.html

http://subversion.apache.org/security/CVE-2015-3184-advisory.txt

Vendor Advisory

http://www.debian.org/security/2015/dsa-3331

http://www.securityfocus.com/bid/76274

http://www.securitytracker.com/id/1033215

http://www.ubuntu.com/usn/USN-2721-1

https://security.gentoo.org/glsa/201610-05

https://support.apple.com/HT206172

Vendor Advisory

http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html

KEV Catalog EPSS Scores Vendors All CVEs