Hi Chaman,

This isn't really that much of a security issue, since it's *our* SVN data, rather than *your* SVN data. There's nothing useful in there, and anyone can get an identical copy of the metadata by just downloading our code from our SVN server!

If you delete or move the .svn folders you'll no longer be able to update, since this is metadata used by SVN.

We've blocked dot files in the latest revision using .htaccess, which will make this warning go away.

adam.

On 09/09/2015 06:59:24, Chaman Rathee <chaman.rathee@progression.com> wrote:

Dear Team,

                               We found following vulnerability in our observium tool :-

 

Vulnerability Detection Result :-

 

We found that Everybody can access/read '.svn/entries'.            using    https://<observium-url/.svn/entries

Details: Apache Subversion Module Metadata Accessible

OID:1.3.6.1.4.1.25623.1.0.105099

 

But we checked at Observium Apache Server and found that we have not Load any module for Subversion.

 

So, Please suggest how to solve this vulnerability and if I delete or move .svn folder Will it impact to my running observium?

 

 

….

With Best Regards,

Chaman Rathee

Mob. No. :- 9560055816

 





 
Fabrikam

Privileged or confidential information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), please delete this message and kindly notify the sender by an emailed reply. Opinions, conclusions and other information in this message that do not relate to the official business of Progression and its associate entities shall be understood as neither given nor endorsed by them.