CVE-2015-3184 - Undepraved Rabbit

Description

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14 when using Apache httpd 2.4.x does not properly restrict anonymous access which allows remote anonymous users to read hidden files via the path name.

Reference

http://www.securitytracker.com/id/1033215 http://subversion.apache.org/security/CVE-2015-3184-advisory.txt http://www.debian.org/security/2015/dsa-3331 http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html https://support.apple.com/HT206172 http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html http://www.securityfocus.com/bid/76274 http://rhn.redhat.com/errata/RHSA-2015-1742.html http://www.ubuntu.com/usn/USN-2721-1 https://security.gentoo.org/glsa/201610-05