CVE-2010-0004

Published: Jan 29, 2010Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.

Affected (11)

Products: Viewvc: Viewvc

1 product

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Viewvc Viewvc	Version 1.0.1
Viewvc Viewvc	Version 1.0.2
Viewvc Viewvc	Version 1.0.3
Viewvc Viewvc	Version 1.0.4
Viewvc Viewvc	Version 1.0.5
Viewvc Viewvc	Version 1.0.6
Viewvc Viewvc	Version 1.0.7
Viewvc Viewvc	Version 1.0.8
Viewvc Viewvc	Version 1.1.0
Viewvc Viewvc	Version 1.1.1
Viewvc Viewvc	Version 1.1.2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

Source: secalert@redhat.com

http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222

Source: secalert@redhat.com

http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD

Source: secalert@redhat.com

http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2010/01/11/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2010/01/13/5

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2010/01/14/4

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222

Source: af854a3a-2127-422b-91ae-364da2661108

http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD

Source: af854a3a-2127-422b-91ae-364da2661108

http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2010/01/11/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2010/01/13/5

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2010/01/14/4

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.