Release date:
Updated on:
Affected Systems:
Subversion 1.6.0-1.6.12
Subversion 1.5.0-1.5.7
Description:
--------------------------------------------------------------------------------
Subversion is an open-source multi-user version control system that supports non-ASCII text and binary data.
Subversion's WebDAV module (mod_dav_svn) has a vulnerability. Users may exploit this vulnerability to bypass security restrictions to access certain protected resources.
This vulnerability requires the SVNPathAuthz option to be set to short_circuit (non-default ).
<* Source: Kamesh Jayachandran
C. Michael Pilato
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Subversion
----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://subversion.tigris.org/