CVE-2004-0749

The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.

Published: 2004-12-23 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2004-0749 is rated Moderate Risk (43.3/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.62%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2004-0749

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-30 0.92% 0.62% -0.30%
2 2025-03-29 0.62% 0.92% +0.30%
3 2025-03-17 0.62%

Full EPSS history (7 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2004-0749

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:N)
No availability impact.
 10.0 2.9 [email protected]

Weakness enumeration for CVE-2004-0749

OS Trackers for CVE-2004-0749

vendor priority summary link
debian not yet assigned CVE-2004-0749 not yet assigned priority: Debian including 1 source packages (subversion), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2004-0749
ubuntu medium CVE-2004-0749 medium priority: Ubuntu including 1 source packages (subversion), 4 status rows across 4 suites (dapper, edgy, feisty, upstream): released 3, needs-triage 1. https://ubuntu.com/security/CVE-2004-0749

Affected software / configurations for CVE-2004-0749

Vendor Product Version Raw CPE
subversion subversion 1.0 cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*
subversion subversion 1.0.1 cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*
subversion subversion 1.0.2 cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*
subversion subversion 1.0.3 cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*
subversion subversion 1.0.4 cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*
subversion subversion 1.0.5 cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*
subversion subversion 1.0.6 cpe:2.3:a:subversion:subversion:1.0.6:*:*:*:*:*:*:*
subversion subversion 1.0.7 cpe:2.3:a:subversion:subversion:1.0.7:*:*:*:*:*:*:*
subversion subversion 1.1.0_rc1 cpe:2.3:a:subversion:subversion:1.1.0_rc1:*:*:*:*:*:*:*
subversion subversion 1.1.0_rc2 cpe:2.3:a:subversion:subversion:1.1.0_rc2:*:*:*:*:*:*:*
subversion subversion 1.1.0_rc3 cpe:2.3:a:subversion:subversion:1.1.0_rc3:*:*:*:*:*:*:*
gentoo linux 0.5 cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*
gentoo linux 0.7 cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*
gentoo linux 1.1a cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*
gentoo linux 1.2 cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*
gentoo linux 1.4 cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
gentoo linux 1.4 cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*
gentoo linux 1.4 cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*
gentoo linux 1.4 cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*

References for CVE-2004-0749

cvelogic Threat Intelligence