Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Exposed .svn Directories

Published: 2013-12-28
Last Updated: 2013-12-30 03:25:21 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

For the last few years, we have been using subversion to manage our source code and move code live. One thing we overlooked was the fact that the .svn directories were exposed on our web server. Thanks to Ehraz and Umraz Ahmed ( #securityexe and #umrazahmed on twitter) for reporting this problem to us.

As a solution, we made a couple of configuration changes:

- prevented access to the directories via a "<Directory>" directive,
- added respective rules to our web application firewall.

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: svn
1 comment(s)
Diary Archives