/vulndb/Version Control Files

These files are used by version control software to store meta-data and configurations about the repository used to store the application’s source code.

An attacker may extract information like logins and keys that could allow him to access the repository server and download the web application source code.

Solution

These files should not be publicly accessible. You should disallow version control directories to be accessible trough the web server.

References

http://en.wikipedia.org/wiki/Version_control http://en.wikipedia.org/wiki/Git_(software) http://en.wikipedia.org/wiki/Mercurial http://en.wikipedia.org/wiki/Apache_Subversion