Re: [Observium] Observium Apache Subversion Module Metadata accessible via HTTP......!

9 Sep 2015


      Den 2015-09-09 kl. 07:59, skrev Chaman Rathee:
...
Vulnerability Detection Result :-
We found that Everybody can access/read '.svn/entries'.            using    https://<observium-url/.svn/entrieshttps://%3cobservium-url/.svn/entries
Details: Apache Subversion Module Metadata Accessible
OID:1.3.6.1.4.1.25623.1.0.105099
So, Please suggest how to solve this vulnerability and if I delete or move .svn folder Will it impact to my running observium?
Add this to your apache config:
<directorymatch "^/.*/.svn/">
         Order deny,allow
         Deny from all
     </directorymatch>
/niklas

Re: [Observium] Observium Apache Subversion Module Metadata accessible via HTTP......!

Niklas Larsson