CVE-2004-0749

Published Dec 23, 2004

Last updated 7 years ago

CVSS info 5.0

Overview

Description: The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F10E314-3897-4A63-AE40-F4E34C3F0BFA"
          },
          {
            "criteria": "cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47B95A69-2535-4844-B819-082D4349708C"
          },
          {
            "criteria": "cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "930953B4-E972-48FB-913B-169E91F93FD6"
          },
          {
            "criteria": "cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B41D875-F515-4A3F-9AA5-79BD09F74C30"
          },
          {
            "criteria": "cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A8CCC20-8986-4028-B125-66F371A4A1D1"
          },
          {
            "criteria": "cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E07F13C-A6FC-49E8-B10E-E4FC1F182DA5"
          },
          {
            "criteria": "cpe:2.3:a:subversion:subversion:1.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04AB9C70-10CB-460B-91AD-1D79C9153194"
          },
          {
            "criteria": "cpe:2.3:a:subversion:subversion:1.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1E718DB-2A79-4277-BA15-6E6A904E483A"
          },
          {
            "criteria": "cpe:2.3:a:subversion:subversion:1.1.0_rc1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "286B7EBD-D663-440C-859B-1E0EE839AEB9"
          },
          {
            "criteria": "cpe:2.3:a:subversion:subversion:1.1.0_rc2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "408EC889-4D8B-49FC-9281-AC85559BB774"
          },
          {
            "criteria": "cpe:2.3:a:subversion:subversion:1.1.0_rc3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1E2A83E-A244-4F1E-85E9-6EA075D32C5B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "980553F2-8662-47CF-95F0-645141746AEA"
          },
          {
            "criteria": "cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40EBF1CD-B392-4262-8F06-2C784ADAF0F0"
          },
          {
            "criteria": "cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C00F84A-FCD4-4935-B7DE-ECBA6AE9B074"
          },
          {
            "criteria": "cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "960DC6C2-B285-41D4-96F7-ED97F8BD5482"
          },
          {
            "criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB"
          },
          {
            "criteria": "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1FD0EB4-E744-4465-AFEE-A3C807C9C993"
          },
          {
            "criteria": "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D866A7D-F0B9-4EA3-93C6-1E7C2C2A861F"
          },
          {
            "criteria": "cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57772E3B-893C-408A-AA3B-78C972ED4D5E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References