CVE-2010-0004
N/A
N/A
Summary
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html
- http://www.openwall.com/lists/oss-security/2010/01/13/5
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html
- http://www.openwall.com/lists/oss-security/2010/01/11/2
- http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222
- http://www.openwall.com/lists/oss-security/2010/01/14/4
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
- http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300
References
- http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html
- http://www.openwall.com/lists/oss-security/2010/01/13/5
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html
- http://www.openwall.com/lists/oss-security/2010/01/11/2
- http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222
- http://www.openwall.com/lists/oss-security/2010/01/14/4
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
- http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.