Source Code Disclosure - SVN

ID

source_code_disclosure_svn

Severity

high

Kind

Information Disclosure

CWE

541

Description

The web server exposes Subversion (SVN) repository metadata files such as .svn/entries or .svn/wc.db, allowing attackers to reconstruct source code and repository history. This detector identifies when SVN version control files are accessible through direct web requests.

Rationale

Accessible SVN metadata enables attackers to download source code, configuration files, and repository history without authentication. Attackers can extract hardcoded credentials, database connection strings, proprietary business logic, and security-sensitive code. The repository history may also reveal information about infrastructure, deployment processes, and previously fixed vulnerabilities that could affect other systems.

Remediation

Ensure that SVN metadata files are not deployed to the web server or application server. Configure web server rules to deny access to .svn directories, or exclude them entirely from deployment packages. Use proper build and deployment processes that export clean code without version control artifacts.
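
One way to enforce this at deploy time, shown as an added example that is not part of the original rule documentation: a POSIX shell gate that stages a release tree without .svn directories and refuses to ship if any remain. The function names (find_svn_artifacts, check_release, stage_release) and all paths are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper names): keep Subversion working-copy
# metadata (.svn/entries, .svn/wc.db, ...) out of a deployable tree.

# find_svn_artifacts DIR
# Prints every entry named .svn under DIR. Pre-1.7 working copies carry one
# .svn directory per folder, so nested hits are reported as well.
find_svn_artifacts() {
    find "$1" -name .svn -prune -print 2>/dev/null
}

# check_release DIR
# Returns 0 if DIR is clean, 1 if SVN metadata is present, 2 on bad input.
check_release() {
    if [ ! -d "$1" ]; then
        echo "check_release: not a directory: $1" >&2
        return 2
    fi
    hits=$(find_svn_artifacts "$1")
    if [ -n "$hits" ]; then
        echo "SVN metadata found in release tree:" >&2
        echo "$hits" | sed 's/^/  /' >&2
        return 1
    fi
    return 0
}

# stage_release SRC DST
# Copies regular files from SRC to DST, skipping every .svn subtree, then
# verifies the result. Assumes file names contain no newlines.
stage_release() {
    src=$1
    dst=$2
    mkdir -p "$dst"
    (cd "$src" && find . -name .svn -prune -o -type f -print) |
    while IFS= read -r f; do
        mkdir -p "$dst/$(dirname "$f")"
        cp -p "$src/$f" "$dst/$f"
    done
    check_release "$dst"
}
```

In a pipeline, call stage_release on the checked-out working copy and publish only the staged directory; a non-zero status from check_release should fail the job.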