CVE-2004-0749

Sažetak

The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.

Reference

http://fedoranews.org/updates/FEDORA-2004-318.shtml
http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt
http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml
http://www.securityfocus.com/bid/11243
https://exchange.xforce.ibmcloud.com/vulnerabilities/17472

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:30

Objavljeno

23-12-2004 - 05:00