CVE-2004-0749
First published: Fri Nov 19 2004(Updated: )
The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Subversion | =1.0.4 | |
| Apache Subversion | =1.0.5 | |
| Apache Subversion | =1.1.0_rc3 | |
| Apache Subversion | =1.0.2 | |
| Apache Subversion | =1.0.7 | |
| Apache Subversion | =1.1.0_rc2 | |
| Apache Subversion | =1.0.1 | |
| Apache Subversion | =1.0 | |
| Apache Subversion | =1.0.6 | |
| Apache Subversion | =1.1.0_rc1 | |
| Apache Subversion | =1.0.3 | |
| Gentoo Linux | =1.4-rc1 | |
| Gentoo Linux | =1.4-rc3 | |
| Gentoo Linux | =0.5 | |
| Gentoo Linux | =1.1a | |
| Gentoo Linux | =1.4 | |
| Gentoo Linux | =0.7 | |
| Gentoo Linux | =1.2 | |
| Gentoo Linux | =1.4-rc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-0749?
CVE-2004-0749 is considered a medium severity vulnerability due to its ability to expose sensitive information.
How do I fix CVE-2004-0749?
To fix CVE-2004-0749, upgrade to Subversion version 1.0.8 or later, which addresses this access restriction issue.
What are the affected versions of Subversion in CVE-2004-0749?
CVE-2004-0749 affects Subversion versions 1.0.7 and earlier.
What attacks are possible due to CVE-2004-0749?
Attackers can exploit CVE-2004-0749 to gain unauthorized access to sensitive information through commands like svn log -v, svn propget, and svn blame.
Is CVE-2004-0749 related to specific software only?
Yes, CVE-2004-0749 specifically impacts the mod_authz_svn module within certain versions of CollabNet Subversion.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/remedy
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/subversion
- canonical/apache subversion
- version/apache subversion/1.0.4
- version/apache subversion/1.0.5
- version/apache subversion/1.1.0_rc3
- version/apache subversion/1.0.2
- version/apache subversion/1.0.7
- version/apache subversion/1.1.0_rc2
- version/apache subversion/1.0.1
- version/apache subversion/1.0
- version/apache subversion/1.0.6
- version/apache subversion/1.1.0_rc1
- version/apache subversion/1.0.3
- vendor/gentoo
- canonical/gentoo linux
- version/gentoo linux/1.4-rc1
- version/gentoo linux/1.4-rc3
- version/gentoo linux/0.5
- version/gentoo linux/1.1a
- version/gentoo linux/1.4
- version/gentoo linux/0.7
- version/gentoo linux/1.2
- version/gentoo linux/1.4-rc2