SVN repository found

SVN repository found

Published on 2009-09-25. Updated on 2009-09-25.

Description:
Subversion metadata directory (.svn) was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that popular version control tool Subversion creates. The metadata directories are used for development purposes to keep track of development changes to a set of source code before it is committed back to a central repository (and vice-versa). When code is rolled to a live server from a repository, it is supposed to be done as an export rather than as a local working copy, and hence this problem.

Impact:
These files may expose sensitive information that may help an malicious user to prepare more advanced attacks.

Recommendation:
Remove these files from production systems or restrict access to the .svn directory. To deny access to all the .svn folders you need to add the following lines in the appropriate context (either global config, or vhost/directory, or from .htaccess):

Order allow,deny Deny from all

Tags: Scripts

Alert Tags: information_disclosure
ApplicableApplicationServer : All
ApplicableOS: All
ApplicableWebServer: All

References:

Apache Tips & Tricks: Deny access to some folders

Go Back

• Product Information
• Download
• Product Tour
• Brochure (PDF)
• Pricing
• Testimonials
• Customer references
• Resell Acunetix
• Acunetix in the Press
• List of vulnerability checks

• Learn more
• SQL Injection
• Cross site scripting
• Web Security
• Directory Traversal
• Ajax Application Security
• Google Hacking