On 09.09.15 8:59, Chaman Rathee wrote:
Dear Team,
We found following vulnerability in ourobservium tool :-
Vulnerability Detection Result :-
We found that Everybody can access/read '.svn/entries'. using https://<observium-url/.svn/entries https://%3cobservium-url/.svn/entries
What you see by these url? (https://<observium-url/.svn/entries https://%3cobservium-url/.svn/entries)
Normally if you use apache and mod_rewrite enabled and observium installed as described in official docs, you can not see content of this file (and .svn dir).
Details:Apache Subversion Module Metadata Accessible
OID:1.3.6.1.4.1.25623.1.0.105099
But we checked at Observium Apache Server and found that we have not Load any module for Subversion.
So, Please suggest how to solve this vulnerability and if I delete or move .svn folder Will it impact to my running observium?
….
With Best Regards,
Chaman Rathee
Mob. No. :- 9560055816
Fabrikam
Privileged or confidential information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), please delete this message and kindly notify the sender by an emailed reply. Opinions, conclusions and other information in this message that do not relate to the official business of Progression and its associate entities shall be understood as neither given nor endorsed by them.
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium