CVE-2015-3187 – subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
https://notcve.org/view.php?id=CVE-2015-3187
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Vulnerabilidad en la función svn_repos_trace_node_locations en Apache Subversion en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, cuando se utiliza autorización basada en ruta, permite a usuarios remotos autenticados obtener información de ruta sensible leyendo el historial de un nodo que ha sido movido desde una ruta oculta. It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html http://rhn.redhat.com/errata/RHSA-2015-1633.html http://rhn.redhat.com/errata/RHSA-2015-1742.html http://subversion.apache.org/security/CVE-2015-3187-advisory.txt http://www.debian.org/security/2015/dsa-3331 http://www.securityfocus.com/bid/76273 http://www.securitytracker.com/id/1033215 http://www.ubuntu.com/usn/USN-2721-1 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-3184 – subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4
https://notcve.org/view.php?id=CVE-2015-3184
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Vulnerabilidad en mod_authz_svn en Apache Subversion 1.7.x en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, al utilizar Apache httpd 2.4.x, no restringe correctamente el acceso anónimo, lo que permite a usuarios anónimos remotos leer archivos ocultos a través del nombre de la ruta. It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html http://rhn.redhat.com/errata/RHSA-2015-1742.html http://subversion.apache.org/security/CVE-2015-3184-advisory.txt http://www.debian.org/security/2015/dsa-3331 http://www.securityfocus.com/bid/76274 http://www.securitytracker.com/id/1033215 http://www.ubuntu.com/usn/USN-2721-1 https://security.gentoo.org/glsa/201610-05 https://support • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVE-2015-3185 – httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4
https://notcve.org/view.php?id=CVE-2015-3185
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. Vulnerabilidad en la función ap_some_auth_required en ap_some_auth_required del Servidor HTTP Apache en su versión 2.4.x anteriores a la 2.4.14 no considera que una directiva Require puede estar asociada con el establecimiento de una autorización en lugar de un ajuste de autenticación lo cual permite a atacantes remotos evadir las restricciones destinadas al acceso en circunstancias oportunas mediante el aprovechamiento de la presencia de un módulo que se basa en el comportamiento en la API 2.2. It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. • http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html http://rhn.redhat.com/errata/RHSA-2015-1666.html http://rhn.redhat.com/errata/RHSA-2015-1667.html http://rhn.redhat.com/errata/RHSA-2016-2957.htm • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVE-2015-3027
https://notcve.org/view.php?id=CVE-2015-3027
Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program. Clang en LLVM, utilizado en Apple Xcode anterior a 6.3, realiza reservas del registro incorrectas de una forma que provoca almacenaje de pila para punteros de las cookies de la pila, lo que podría permitir a atacantes dependientes de contexto evadir un mecanismo de protección de guard pilas a través de entradas manipuladas en un programa C afectado. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00004.html http://www.securityfocus.com/bid/73987 http://www.securitytracker.com/id/1032081 https://support.apple.com/HT204663 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-1149
https://notcve.org/view.php?id=CVE-2015-1149
Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion. Desbordamiento de enteros en el simulador en Swift en Apple Xcode anterior a 6.3 permite a atacantes dependientes de contexto causar una denegación de servicioo posiblemente tener otro impacto no especificado mediante la provocación de un resulto incorrecto de una conversión de tipos. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00004.html http://www.securitytracker.com/id/1032049 https://support.apple.com/HT204663 • CWE-189: Numeric Errors •