Unrated severityNVD Advisory· Published Dec 23, 2004· Updated Apr 16, 2026
CVE-2004-0749
CVE-2004-0749
Description
The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
Affected products
19cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.0_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:subversion:subversion:1.1.0_rc3:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- subversion.tigris.org/security/CAN-2004-0749-advisory.txtnvdPatchVendor Advisory
- www.gentoo.org/security/en/glsa/glsa-200409-35.xmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/11243nvdPatchVendor Advisory
- fedoranews.org/updates/FEDORA-2004-318.shtmlnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/17472nvd
News mentions
0No linked articles in our index yet.