Description
It was found that the mod_authz_svn module did not properly restrict
anonymous access to Subversion repositories under certain configurations
when used with Apache httpd 2.4.x. This could allow a user to anonymously
access files in a Subversion repository, which should only be accessible to
authenticated users. (CVE-2015-3184)
It was found that the mod_dav_svn module did not properly validate the
svn:author property of certain requests. An attacker able to create new
revisions could use this flaw to spoof the svn:author property.
(CVE-2015-0251)
It was found that when an SVN server (both svnserve and httpd with the
mod_dav_svn module) searched the history of a file or a directory, it would
disclose its location in the repository if that file or directory was not
readable (for example, if it had been moved). (CVE-2015-3187)