CVE-2004-0749
Summary
| CVE | CVE-2004-0749 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2004-12-23 05:00:00 UTC |
| Updated | 2017-07-11 01:30:00 UTC |
| Description | The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Gentoo | Linux | 0.5 | All | All | All |
| Operating System | Gentoo | Linux | 0.7 | All | All | All |
| Operating System | Gentoo | Linux | 1.1a | All | All | All |
| Operating System | Gentoo | Linux | 1.2 | All | All | All |
| Operating System | Gentoo | Linux | 1.4 | All | All | All |
| Operating System | Gentoo | Linux | 1.4 | rc1 | All | All |
| Operating System | Gentoo | Linux | 1.4 | rc2 | All | All |
| Operating System | Gentoo | Linux | 1.4 | rc3 | All | All |
| Operating System | Gentoo | Linux | 0.5 | All | All | All |
| Operating System | Gentoo | Linux | 0.7 | All | All | All |
| Operating System | Gentoo | Linux | 1.1a | All | All | All |
| Operating System | Gentoo | Linux | 1.2 | All | All | All |
| Operating System | Gentoo | Linux | 1.4 | All | All | All |
| Operating System | Gentoo | Linux | 1.4 | rc1 | All | All |
| Operating System | Gentoo | Linux | 1.4 | rc2 | All | All |
| Operating System | Gentoo | Linux | 1.4 | rc3 | All | All |
| Application | Subversion | Subversion | 1.0 | All | All | All |
| Application | Subversion | Subversion | 1.0.1 | All | All | All |
| Application | Subversion | Subversion | 1.0.2 | All | All | All |
| Application | Subversion | Subversion | 1.0.3 | All | All | All |
| Application | Subversion | Subversion | 1.0.4 | All | All | All |
| Application | Subversion | Subversion | 1.0.5 | All | All | All |
| Application | Subversion | Subversion | 1.0.6 | All | All | All |
| Application | Subversion | Subversion | 1.0.7 | All | All | All |
| Application | Subversion | Subversion | 1.1.0_rc1 | All | All | All |
| Application | Subversion | Subversion | 1.1.0_rc2 | All | All | All |
| Application | Subversion | Subversion | 1.1.0_rc3 | All | All | All |
| Application | Subversion | Subversion | 1.0 | All | All | All |
| Application | Subversion | Subversion | 1.0.1 | All | All | All |
| Application | Subversion | Subversion | 1.0.2 | All | All | All |
| Application | Subversion | Subversion | 1.0.3 | All | All | All |
| Application | Subversion | Subversion | 1.0.4 | All | All | All |
| Application | Subversion | Subversion | 1.0.5 | All | All | All |
| Application | Subversion | Subversion | 1.0.6 | All | All | All |
| Application | Subversion | Subversion | 1.0.7 | All | All | All |
| Application | Subversion | Subversion | 1.1.0_rc1 | All | All | All |
| Application | Subversion | Subversion | 1.1.0_rc2 | All | All | All |
| Application | Subversion | Subversion | 1.1.0_rc3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Subversion Mod_Authz_Svn Metadata Information Disclosure Vulnerability | BID | www.securityfocus.com | Patch, Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Gentoo Linux Documentation -- Subversion: Metadata information leak | GENTOO | www.gentoo.org | Patch, Vendor Advisory |
| subversion.tigris.org/security/CAN-2004-0749-advisory.txt | CONFIRM | subversion.tigris.org | Patch, Vendor Advisory |
| FedoraNEWS.ORG | FEDORA | fedoranews.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.