1. CVE-Search
  2. CVE-2004-0749
ID CVE-2004-0749
Summary The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
References
Vulnerable Configurations
  • cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.1.0_rc1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.1.0_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.1.0_rc2:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.1.0_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.1.0_rc3:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.1.0_rc3:*:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 11243
confirm http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt
fedora FEDORA-2004-318
gentoo GLSA-200409-35
xf subversion-information-disclosure(17472)
Last major update 11-07-2017 - 01:30
Published 23-12-2004 - 05:00
Last modified 11-07-2017 - 01:30
Back to Top