CVE-2004-0749

The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*
cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:subversion:subversion:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:subversion:subversion:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:subversion:subversion:1.1.0_rc1:*:*:*:*:*:*:*
cpe:2.3:a:subversion:subversion:1.1.0_rc2:*:*:*:*:*:*:*
cpe:2.3:a:subversion:subversion:1.1.0_rc3:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*

History

20 Nov 2024, 23:49

Type Values Removed Values Added
References () http://fedoranews.org/updates/FEDORA-2004-318.shtml - () http://fedoranews.org/updates/FEDORA-2004-318.shtml -
References () http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt - Patch, Vendor Advisory () http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt - Patch, Vendor Advisory
References () http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml - Patch, Vendor Advisory () http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/11243 - Patch, Vendor Advisory () http://www.securityfocus.com/bid/11243 - Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/17472 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/17472 -

Information

Published : 2004-12-23 05:00

Updated : 2024-11-20 23:49


NVD link : CVE-2004-0749

Mitre link : CVE-2004-0749

CVE.ORG link : CVE-2004-0749


JSON object : View

Products Affected

subversion

  • subversion

gentoo

  • linux