First published: Fri Nov 19 2004(Updated: )
The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Subversion Subversion | =1.0.4 | |
Subversion Subversion | =1.0.5 | |
Subversion Subversion | =1.1.0_rc3 | |
Subversion Subversion | =1.0.2 | |
Subversion Subversion | =1.0.7 | |
Subversion Subversion | =1.1.0_rc2 | |
Subversion Subversion | =1.0.1 | |
Subversion Subversion | =1.0 | |
Subversion Subversion | =1.0.6 | |
Subversion Subversion | =1.1.0_rc1 | |
Subversion Subversion | =1.0.3 | |
Gentoo Linux | =1.4-rc1 | |
Gentoo Linux | =1.4-rc3 | |
Gentoo Linux | =0.5 | |
Gentoo Linux | =1.1a | |
Gentoo Linux | =1.4 | |
Gentoo Linux | =0.7 | |
Gentoo Linux | =1.2 | |
Gentoo Linux | =1.4-rc2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.