CVE-2004-0749

The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml	Patch Vendor Advisory
http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt	Patch Vendor Advisory
http://www.securityfocus.com/bid/11243	Patch Vendor Advisory
http://fedoranews.org/updates/FEDORA-2004-318.shtml
https://exchange.xforce.ibmcloud.com/vulnerabilities/17472

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:subversion:subversion:1.0.1:::::::*
	cpe:2.3:a:subversion:subversion:1.0.2:::::::*
	cpe:2.3:a:subversion:subversion:1.1.0_rc3:::::::*
	cpe:2.3:a:subversion:subversion:1.0.3:::::::*
	cpe:2.3:a:subversion:subversion:1.0.4:::::::*
	cpe:2.3:a:subversion:subversion:1.0.5:::::::*
	cpe:2.3:a:subversion:subversion:1.0.6:::::::*
	cpe:2.3:a:subversion:subversion:1.0.7:::::::*
	cpe:2.3:a:subversion:subversion:1.0:::::::*
	cpe:2.3:a:subversion:subversion:1.1.0_rc1:::::::*
	cpe:2.3:a:subversion:subversion:1.1.0_rc2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:gentoo:linux:1.4:rc2::::::
	cpe:2.3:o:gentoo:linux:1.4:rc3::::::
	cpe:2.3:o:gentoo:linux:0.5:::::::*
	cpe:2.3:o:gentoo:linux:0.7:::::::*
	cpe:2.3:o:gentoo:linux:1.1a:::::::*
	cpe:2.3:o:gentoo:linux:1.2:::::::*
	cpe:2.3:o:gentoo:linux:1.4:::::::*
	cpe:2.3:o:gentoo:linux:1.4:rc1::::::

Information

Published : 2004-12-22 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-0749

Mitre link : CVE-2004-0749

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

subversion

subversion

gentoo

linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml", "name": "GLSA-200409-35", "tags": ["Patch", "Vendor Advisory"], "refsource": "GENTOO"}, {"url": "http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt", "name": "http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/11243", "name": "11243", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://fedoranews.org/updates/FEDORA-2004-318.shtml", "name": "FEDORA-2004-318", "tags": [], "refsource": "FEDORA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17472", "name": "subversion-information-disclosure(17472)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0749", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-12-23T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:subversion:subversion:1.1.0_rc3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:subversion:subversion:1.1.0_rc1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:subversion:subversion:1.1.0_rc2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:30Z"}