CVE-2004-0749
NONE EPSS 70.3%
Published Dec 23, 200421y ago · Modified Jun 16, 20262w ago
Published Dec 23, 2004 21y ago
Last Modified Jun 16, 2026 2w ago
Description
The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
Threat Intelligence
EPSS Exploit Probability
70.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 19
| Vendor | Product | Version | Range |
|---|---|---|---|
| subversion | subversion | 1.0 | any |
| subversion | subversion | 1.0.1 | any |
| subversion | subversion | 1.0.2 | any |
| subversion | subversion | 1.0.3 | any |
| subversion | subversion | 1.0.4 | any |
| subversion | subversion | 1.0.5 | any |
| subversion | subversion | 1.0.6 | any |
| subversion | subversion | 1.0.7 | any |
| subversion | subversion | 1.1.0_rc1 | any |
| subversion | subversion | 1.1.0_rc2 | any |
| subversion | subversion | 1.1.0_rc3 | any |
| gentoo | linux | 0.5 | any |
| gentoo | linux | 0.7 | any |
| gentoo | linux | 1.1a | any |
| gentoo | linux | 1.2 | any |
| gentoo | linux | 1.4 | any |
| gentoo | linux | 1.4 | any |
| gentoo | linux | 1.4 | any |
| gentoo | linux | 1.4 | any |
References 5
- fedoranews.org http://fedoranews.org/updates/FEDORA-2004-318.shtml
- subversion.tigris.org http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml
- securityfocus.com http://www.securityfocus.com/bid/11243
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/17472
Remediation
- subversion.tigris.org http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml
- securityfocus.com http://www.securityfocus.com/bid/11243