
I have just discovered on our server, we can all view this page too, even externally…
I have checked the .htaccess and it doesn’t appear to have anything in there to hide the .svn
Maybe add it in a commit :)
Simon
On 9 Sep 2015, at 9:58 am, Mike Stupalov mike@observium.org wrote:
On 09.09.15 8:59, Chaman Rathee wrote:
Dear Team, we found the following vulnerability in our Observium tool:
Vulnerability Detection Result:
We found that everybody can access/read '.svn/entries' using https://<observium-url/.svn/entries
What do you see at this URL? (https://<observium-url/.svn/entries)
Normally, if you use Apache with mod_rewrite enabled and Observium installed as described in the official docs, you cannot see the content of this file (and .svn dir).
Details: Apache Subversion Module Metadata Accessible OID:1.3.6.1.4.1.25623.1.0.105099
But we checked the Observium Apache server and found that we have not loaded any module for Subversion.
So, please suggest how to solve this vulnerability. If I delete or move the .svn folder, will it impact my running Observium?
With Best Regards, Chaman Rathee
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Mike Stupalov http://observium.org
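
The thread above concerns `.svn/entries` being readable over HTTP when nothing in the Apache configuration or `.htaccess` hides the `.svn` directory. The following is an added example, not taken from the thread or from Observium's own documentation, of two ways to deny such requests; it assumes Apache 2.4 syntax, and only one of the two options is needed.

```apache
# Option 1: main server or <VirtualHost> configuration (Apache 2.4 syntax).
# <DirectoryMatch> is not allowed inside .htaccess files, so this belongs
# in the server configuration itself.
<DirectoryMatch "/\.svn(/|$)">
    Require all denied
</DirectoryMatch>

# Option 2: .htaccess in the web root, using mod_rewrite.
# Requires mod_rewrite to be loaded and AllowOverride to permit FileInfo
# for this directory; otherwise the rule is not applied.
# Place the rule before any other RewriteRule lines so it is evaluated first.
RewriteEngine On
# Answer 403 Forbidden for any request path containing a ".svn" component.
RewriteRule "(^|/)\.svn(/|$)" - [F]
```

After reloading Apache, a request for `/.svn/entries` should return 403 Forbidden rather than the file's contents, including when requested from outside the local network.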