The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
References
Link | Resource |
---|---|
http://fedoranews.org/updates/FEDORA-2004-318.shtml | |
http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt | Patch Vendor Advisory |
http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml | Patch Vendor Advisory |
http://www.securityfocus.com/bid/11243 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17472 | |
http://fedoranews.org/updates/FEDORA-2004-318.shtml | |
http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt | Patch Vendor Advisory |
http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml | Patch Vendor Advisory |
http://www.securityfocus.com/bid/11243 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17472 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
20 Nov 2024, 23:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://fedoranews.org/updates/FEDORA-2004-318.shtml - | |
References | () http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt - Patch, Vendor Advisory | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml - Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/11243 - Patch, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/17472 - |
Information
Published : 2004-12-23 05:00
Updated : 2024-11-20 23:49
NVD link : CVE-2004-0749
Mitre link : CVE-2004-0749
CVE.ORG link : CVE-2004-0749
JSON object : View
Products Affected
subversion
- subversion
gentoo
- linux
CWE