Unrated severityNVD Advisory· Published Aug 12, 2015· Updated May 6, 2026
CVE-2015-3187
CVE-2015-3187
Description
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
Affected products
14cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*range: <=1.7.20
- cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.13:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- subversion.apache.org/security/CVE-2015-3187-advisory.txtnvdVendor Advisory
- support.apple.com/HT206172nvdVendor Advisory
- lists.apple.com/archives/security-announce/2016/Mar/msg00003.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-08/msg00022.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1633.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1742.htmlnvd
- www.debian.org/security/2015/dsa-3331nvd
- www.securityfocus.com/bid/76273nvd
- www.securitytracker.com/id/1033215nvd
- www.ubuntu.com/usn/USN-2721-1nvd
- security.gentoo.org/glsa/201610-05nvd
News mentions
0No linked articles in our index yet.