CVE-2010-0004
CVE-2010-0004
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.htmlhttp://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEADhttp://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300http://www.openwall.com/lists/oss-security/2010/01/11/2http://www.openwall.com/lists/oss-security/2010/01/13/5http://www.openwall.com/lists/oss-security/2010/01/14/4