CVE-2004-0749

NONE EPSS 70.3%
Published Dec 23, 200421y ago · Modified Jun 16, 20262w ago
Find Similar
Published Dec 23, 2004 21y ago
Last Modified Jun 16, 2026 2w ago

Description

The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.

Threat Intelligence

EPSS Exploit Probability
70.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 19

VendorProductVersionRange
subversionsubversion1.0any
subversionsubversion1.0.1any
subversionsubversion1.0.2any
subversionsubversion1.0.3any
subversionsubversion1.0.4any
subversionsubversion1.0.5any
subversionsubversion1.0.6any
subversionsubversion1.0.7any
subversionsubversion1.1.0_rc1any
subversionsubversion1.1.0_rc2any
subversionsubversion1.1.0_rc3any
gentoolinux0.5any
gentoolinux0.7any
gentoolinux1.1aany
gentoolinux1.2any
gentoolinux1.4any
gentoolinux1.4any
gentoolinux1.4any
gentoolinux1.4any

References 5

Remediation

  • subversion.tigris.org http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt
    PatchVendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml
    PatchVendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/11243
    PatchVendor Advisory