CVE-2004-1438

2005-02-1305:00:00

mitre

web.nvd.nist.gov

cve-2004-1438

mod_authz_svn

apache

subversion 1.0.4

security vulnerability

authenticated users

repository

svn copy command

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

57.2%

JSON

The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.

Affected configurations

Nvd

Node

subversionsubversionMatch1.0

subversionsubversionMatch1.0.1

subversionsubversionMatch1.0.2

subversionsubversionMatch1.0.3

subversionsubversionMatch1.0.4

subversionsubversionMatch1.0.5

VendorProductVersionCPE
subversionsubversion1.0cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*
subversionsubversion1.0.1cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*
subversionsubversion1.0.2cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*
subversionsubversion1.0.3cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*
subversionsubversion1.0.4cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*
subversionsubversion1.0.5cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
subversion	subversion	1.0	cpe:2.3:a:subversion:subversion:1.0:::::::*
subversion	subversion	1.0.1	cpe:2.3:a:subversion:subversion:1.0.1:::::::*
subversion	subversion	1.0.2	cpe:2.3:a:subversion:subversion:1.0.2:::::::*
subversion	subversion	1.0.3	cpe:2.3:a:subversion:subversion:1.0.3:::::::*
subversion	subversion	1.0.4	cpe:2.3:a:subversion:subversion:1.0.4:::::::*
subversion	subversion	1.0.5	cpe:2.3:a:subversion:subversion:1.0.5:::::::*