On 09.09.15 12:21, Tom Laermans wrote:
On 2015-09-09 10:58, Mike Stupalov wrote:
On 09.09.15 8:59, Chaman Rathee wrote:
Dear Team,
We found following vulnerability inour observium tool :-
Vulnerability Detection Result :-
We found that Everybody can access/read '.svn/entries'. using https://<observium-url/.svn/entries https://%3cobservium-url/.svn/entries
What you see by these url? (https://<observium-url/.svn/entries https://%3cobservium-url/.svn/entries)
Normally if you use apache and mod_rewrite enabled and observium installed as described in official docs, you can not see content of this file (and .svn dir).
I can see it on my installs (tested before comment on irc) so I'm pretty sure something is missing...
This actual only for why used old svn with old (non-sqlite) format..
Tom
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium