/vulndb/Version Control Files

These files are used by version control software to store meta-data and configurations about the repository used to store the application’s source code.

An attacker may extract information like logins and keys that could allow him to access the repository server and download the web application source code.


These files should not be publicly accessible. You should disallow version control directories to be accessible trough the web server.


http://en.wikipedia.org/wiki/Version_control http://en.wikipedia.org/wiki/Git_(software) http://en.wikipedia.org/wiki/Mercurial http://en.wikipedia.org/wiki/Apache_Subversion