9 Sep
2015
9 Sep
'15
11:21 a.m.
On 2015-09-09 10:58, Mike Stupalov wrote:
On 09.09.15 8:59, Chaman Rathee wrote:
Dear Team,
We found following vulnerability in our observium tool :-Vulnerability Detection Result :-
We found that Everybody can access/read '.svn/entries'. using https://<observium-url/.svn/entries https://%3cobservium-url/.svn/entries
What you see by these url? (https://<observium-url/.svn/entries https://%3cobservium-url/.svn/entries)
Normally if you use apache and mod_rewrite enabled and observium installed as described in official docs, you can not see content of this file (and .svn dir).
I can see it on my installs (tested before comment on irc) so I'm pretty sure something is missing...
Tom