CVE-2004-0749

Description

The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.

How to fix CVE-2004-0749

To remediate CVE-2004-0749, upgrade the affected package to a fixed version below.

• Debian/subversion—upgrade to 1.0.9-2 or later

Is CVE-2004-0749 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.0.9-2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2004-0749