Description

Subversion metadata directory (.svn) was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that popular version control tool Subversion creates. The metadata directories are used for development purposes to keep track of development changes to a set of source code before it is committed back to a central repository (and vice-versa). When code is rolled to a live server from a repository, it is supposed to be done as an export rather than as a local working copy, and hence this problem.

Remediation

Remove these files from production systems or restrict access to the .svn directory. To deny access to all the .svn folders you need to add the following lines in the appropriate context (either global config, or vhost/directory, or from .htaccess): 

<Directory ~ "\.svn">
Order allow,deny
Deny from all
</Directory>

References

Apache Tips & Tricks: Deny access to some folders

Related Vulnerabilities

WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1)

WordPress Plugin BuddyPress Information Disclosure (5.1.1)

WordPress Plugin BulletProof Security Information Disclosure (5.1)

Apache Tomcat version older than 6.0.11

SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability

Severity

High

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Tags

Information Disclosure Source Code Disclosure Test Files Dev Files