Apache Subversion SVN authz protected copyfrom paths regression: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed, not its contents. Both httpd and svnserve servers are vulnerable.

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2; the latest version is 1.7.9 and is not vulnerable to this issue.

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.