Unrated severityNVD Advisory· Published Aug 12, 2015· Updated Jun 17, 2026
CVE-2015-3184
CVE-2015-3184
Description
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
40cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*+ 34 more
- cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*
- (no CPE)range: >=1.7.0 <1.7.21; >=1.8.0 <1.8.14
- osv-coords4 versionspkg:rpm/opensuse/subversion&distro=openSUSE%20Tumbleweedpkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 1.9.5-1.1+ 3 more
- (no CPE)range: < 1.9.5-1.1
- (no CPE)range: < 1.8.10-15.1
- (no CPE)range: < 1.8.19-25.3.1
- (no CPE)range: < 1.8.19-25.3.1
Patches
Vulnerability mechanics
References
10- subversion.apache.org/security/CVE-2015-3184-advisory.txtnvdVendor Advisory
- support.apple.com/HT206172nvdVendor Advisory
- lists.apple.com/archives/security-announce/2016/Mar/msg00003.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-08/msg00022.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1742.htmlnvd
- www.debian.org/security/2015/dsa-3331nvd
- www.securityfocus.com/bid/76274nvd
- www.securitytracker.com/id/1033215nvd
- www.ubuntu.com/usn/USN-2721-1nvd
- security.gentoo.org/glsa/201610-05nvd
News mentions
0No linked articles in our index yet.