CVE-2010-4644 [Low] | Information Disclosure in Subversion

CVE-2010-4644 is rated High Exploit Risk (63.1/100): CVSS Low severity, with high exploitation likelihood (EPSS 4.46%, 90th percentile). 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +2.50% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

EDB-ID	Source	Kind	Published	Link
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	1.96%	4.46%	+2.50%
2	2026-05-31	1.45%	1.96%	+0.51%
3	2026-01-31	—	1.45%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

1.96%

4.46%

+2.50%

2026-05-31

1.45%

1.96%

+0.51%

2026-01-31

—

1.45%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
3.5	2.0	LOW	`AV:N/AC:M/Au:S/C:N/I:N/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:S) A single authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:P) Partial availability impact.	6.8	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

3.5

2.0

LOW

AV:N/AC:M/Au:S/C:N/I:N/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:S): A single authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:P): Partial availability impact.

6.8

2.9

[email protected]

OS Trackers for CVE-2010-4644

vendor	priority	summary	link
`debian`	low	CVE-2010-4644 low priority: Debian including 1 source packages (subversion), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2010-4644
`gentoo`	low	CVE-2010-4644: 1 GLSA(s) (201309-11), 1 atom(s) (dev-vcs/subversion); latest impact low.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2010-4644
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2010-4644
`ubuntu`	medium	CVE-2010-4644 medium priority: Ubuntu including 1 source packages (subversion), 6 status rows across 6 suites (dapper, hardy, karmic, lucid, maverick, upstream): released 4, not-affected 2.	https://ubuntu.com/security/CVE-2010-4644

Affected software / configurations for CVE-2010-4644

Vendor	Product	Version	Raw CPE
apache	subversion	<= 1.6.14	cpe:2.3:a:apache:subversion::::::::
apache	subversion	0.6	cpe:2.3:a:apache:subversion:0.6:::::::*
apache	subversion	0.7	cpe:2.3:a:apache:subversion:0.7:::::::*
apache	subversion	0.8	cpe:2.3:a:apache:subversion:0.8:::::::*
apache	subversion	0.9	cpe:2.3:a:apache:subversion:0.9:::::::*
apache	subversion	0.10.0	cpe:2.3:a:apache:subversion:0.10.0:::::::*
apache	subversion	0.10.1	cpe:2.3:a:apache:subversion:0.10.1:::::::*
apache	subversion	0.10.2	cpe:2.3:a:apache:subversion:0.10.2:::::::*
apache	subversion	0.11.1	cpe:2.3:a:apache:subversion:0.11.1:::::::*
apache	subversion	0.12.0	cpe:2.3:a:apache:subversion:0.12.0:::::::*
apache	subversion	0.13.0	cpe:2.3:a:apache:subversion:0.13.0:::::::*
apache	subversion	0.13.1	cpe:2.3:a:apache:subversion:0.13.1:::::::*
apache	subversion	0.13.2	cpe:2.3:a:apache:subversion:0.13.2:::::::*
apache	subversion	0.14.0	cpe:2.3:a:apache:subversion:0.14.0:::::::*
apache	subversion	0.14.1	cpe:2.3:a:apache:subversion:0.14.1:::::::*
apache	subversion	0.14.2	cpe:2.3:a:apache:subversion:0.14.2:::::::*
apache	subversion	0.14.3	cpe:2.3:a:apache:subversion:0.14.3:::::::*
apache	subversion	0.14.4	cpe:2.3:a:apache:subversion:0.14.4:::::::*
apache	subversion	0.14.5	cpe:2.3:a:apache:subversion:0.14.5:::::::*
apache	subversion	0.15	cpe:2.3:a:apache:subversion:0.15:::::::*
apache	subversion	0.16	cpe:2.3:a:apache:subversion:0.16:::::::*
apache	subversion	0.16.1	cpe:2.3:a:apache:subversion:0.16.1:::::::*
apache	subversion	0.17.0	cpe:2.3:a:apache:subversion:0.17.0:::::::*
apache	subversion	0.17.1	cpe:2.3:a:apache:subversion:0.17.1:::::::*
apache	subversion	0.18.0	cpe:2.3:a:apache:subversion:0.18.0:::::::*
apache	subversion	0.18.1	cpe:2.3:a:apache:subversion:0.18.1:::::::*
apache	subversion	0.19.0	cpe:2.3:a:apache:subversion:0.19.0:::::::*
apache	subversion	0.19.1	cpe:2.3:a:apache:subversion:0.19.1:::::::*
apache	subversion	0.20.0	cpe:2.3:a:apache:subversion:0.20.0:::::::*
apache	subversion	0.20.1	cpe:2.3:a:apache:subversion:0.20.1:::::::*
apache	subversion	0.21.0	cpe:2.3:a:apache:subversion:0.21.0:::::::*
apache	subversion	0.22.0	cpe:2.3:a:apache:subversion:0.22.0:::::::*
apache	subversion	0.22.1	cpe:2.3:a:apache:subversion:0.22.1:::::::*
apache	subversion	0.22.2	cpe:2.3:a:apache:subversion:0.22.2:::::::*
apache	subversion	0.23.0	cpe:2.3:a:apache:subversion:0.23.0:::::::*
apache	subversion	0.24.0	cpe:2.3:a:apache:subversion:0.24.0:::::::*
apache	subversion	0.24.1	cpe:2.3:a:apache:subversion:0.24.1:::::::*
apache	subversion	0.24.2	cpe:2.3:a:apache:subversion:0.24.2:::::::*
apache	subversion	0.25.0	cpe:2.3:a:apache:subversion:0.25.0:::::::*
apache	subversion	0.26.0	cpe:2.3:a:apache:subversion:0.26.0:::::::*
apache	subversion	0.27.0	cpe:2.3:a:apache:subversion:0.27.0:::::::*
apache	subversion	0.28.0	cpe:2.3:a:apache:subversion:0.28.0:::::::*
apache	subversion	0.28.1	cpe:2.3:a:apache:subversion:0.28.1:::::::*
apache	subversion	0.28.2	cpe:2.3:a:apache:subversion:0.28.2:::::::*
apache	subversion	0.29.0	cpe:2.3:a:apache:subversion:0.29.0:::::::*
apache	subversion	0.30.0	cpe:2.3:a:apache:subversion:0.30.0:::::::*
apache	subversion	0.31.0	cpe:2.3:a:apache:subversion:0.31.0:::::::*
apache	subversion	0.32.1	cpe:2.3:a:apache:subversion:0.32.1:::::::*
apache	subversion	0.33.0	cpe:2.3:a:apache:subversion:0.33.0:::::::*
apache	subversion	0.33.1	cpe:2.3:a:apache:subversion:0.33.1:::::::*
apache	subversion	0.34.0	cpe:2.3:a:apache:subversion:0.34.0:::::::*
apache	subversion	0.35.0	cpe:2.3:a:apache:subversion:0.35.0:::::::*
apache	subversion	0.35.1	cpe:2.3:a:apache:subversion:0.35.1:::::::*
apache	subversion	0.36.0	cpe:2.3:a:apache:subversion:0.36.0:::::::*
apache	subversion	0.37.0	cpe:2.3:a:apache:subversion:0.37.0:::::::*
apache	subversion	1.0.0	cpe:2.3:a:apache:subversion:1.0.0:::::::*
apache	subversion	1.0.1	cpe:2.3:a:apache:subversion:1.0.1:::::::*
apache	subversion	1.0.2	cpe:2.3:a:apache:subversion:1.0.2:::::::*
apache	subversion	1.0.3	cpe:2.3:a:apache:subversion:1.0.3:::::::*
apache	subversion	1.0.4	cpe:2.3:a:apache:subversion:1.0.4:::::::*
apache	subversion	1.0.5	cpe:2.3:a:apache:subversion:1.0.5:::::::*
apache	subversion	1.0.6	cpe:2.3:a:apache:subversion:1.0.6:::::::*
apache	subversion	1.0.7	cpe:2.3:a:apache:subversion:1.0.7:::::::*
apache	subversion	1.0.8	cpe:2.3:a:apache:subversion:1.0.8:::::::*
apache	subversion	1.0.9	cpe:2.3:a:apache:subversion:1.0.9:::::::*
apache	subversion	1.1.0	cpe:2.3:a:apache:subversion:1.1.0:::::::*
apache	subversion	1.1.1	cpe:2.3:a:apache:subversion:1.1.1:::::::*
apache	subversion	1.1.2	cpe:2.3:a:apache:subversion:1.1.2:::::::*
apache	subversion	1.1.3	cpe:2.3:a:apache:subversion:1.1.3:::::::*
apache	subversion	1.1.4	cpe:2.3:a:apache:subversion:1.1.4:::::::*
apache	subversion	1.2.0	cpe:2.3:a:apache:subversion:1.2.0:::::::*
apache	subversion	1.2.1	cpe:2.3:a:apache:subversion:1.2.1:::::::*
apache	subversion	1.2.2	cpe:2.3:a:apache:subversion:1.2.2:::::::*
apache	subversion	1.2.3	cpe:2.3:a:apache:subversion:1.2.3:::::::*
apache	subversion	1.3.0	cpe:2.3:a:apache:subversion:1.3.0:::::::*
apache	subversion	1.3.1	cpe:2.3:a:apache:subversion:1.3.1:::::::*
apache	subversion	1.3.2	cpe:2.3:a:apache:subversion:1.3.2:::::::*
apache	subversion	1.4.0	cpe:2.3:a:apache:subversion:1.4.0:::::::*
apache	subversion	1.4.1	cpe:2.3:a:apache:subversion:1.4.1:::::::*
apache	subversion	1.4.2	cpe:2.3:a:apache:subversion:1.4.2:::::::*

References for CVE-2010-4644

URL	Tags
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C4CD33B61.7030203%40thepond.com%3E
http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt%40mail.gmail.com%3E
http://openwall.com/lists/oss-security/2011/01/02/1
http://openwall.com/lists/oss-security/2011/01/04/10
http://openwall.com/lists/oss-security/2011/01/04/8
http://openwall.com/lists/oss-security/2011/01/05/4
http://secunia.com/advisories/42780	Vendor Advisory
http://secunia.com/advisories/42969
http://secunia.com/advisories/43115
http://secunia.com/advisories/43139
http://secunia.com/advisories/43346
http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES
http://svn.apache.org/viewvc?view=revision&revision=1032808
http://svn.haxx.se/dev/archive-2010-11/0102.shtml	Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2011:006
http://www.redhat.com/support/errata/RHSA-2011-0257.html
http://www.redhat.com/support/errata/RHSA-2011-0258.html
http://www.securityfocus.com/bid/45655
http://www.securitytracker.com/id?1024935
http://www.ubuntu.com/usn/USN-1053-1
http://www.vupen.com/english/advisories/2011/0015	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0103
http://www.vupen.com/english/advisories/2011/0162
http://www.vupen.com/english/advisories/2011/0264
https://exchange.xforce.ibmcloud.com/vulnerabilities/64473

URL

CVE-2010-4644

Public exploit references (Exploit-DB) for CVE-2010-4644

Exploit prediction scoring system (EPSS) score for CVE-2010-4644

Common vulnerability scoring system (CVSS) metrics for CVE-2010-4644

Weakness enumeration for CVE-2010-4644

OS Trackers for CVE-2010-4644

Affected software / configurations for CVE-2010-4644

References for CVE-2010-4644