CVE-2010-0004 Information
Description
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
Reference
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://viewvc.tigris.org/source/browse/checkout/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300
http://www.openwall.com/lists/oss-security/2010/01/11/2
http://www.openwall.com/lists/oss-security/2010/01/13/5
http://www.openwall.com/lists/oss-security/2010/01/14/4
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html