On 09.09.15 12:21, Tom Laermans wrote:

On 2015-09-09 10:58, Mike Stupalov wrote:

On 09.09.15 8:59, Chaman Rathee wrote:

Dear Team,

We found following vulnerability in our observium tool :-

Vulnerability Detection Result :-

We found that Everybody can access/read '.svn/entries'. using https://<observium-url/.svn/entries

What you see by these url? (https://<observium-url/.svn/entries)

Normally if you use apache and mod_rewrite enabled and observium installed as described in official docs,
you can not see content of this file (and .svn dir).

I can see it on my installs (tested before comment on irc) so I'm pretty sure something is missing...

This actual only for why used old svn with old (non-sqlite) format..

Tom

_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

-- 
Mike Stupalov
http://observium.org