CVE-2011-1921
EPSS 4.0%
Description
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
How to fix CVE-2011-1921
To remediate CVE-2011-1921, upgrade the affected package to the fixed version listed below.
- Debian/subversion: upgrade to 1.6.17dfsg-1 or later
Is CVE-2011-1921 being exploited?
Low — EPSS is 4.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/subversion: versions from 0 up to, but not including, 1.6.17dfsg-1