← volver
CVE-2010-0004

CVE-2010-0004

EPSS 2.7%
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.htmlhttp://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEADhttp://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300http://www.openwall.com/lists/oss-security/2010/01/11/2http://www.openwall.com/lists/oss-security/2010/01/13/5http://www.openwall.com/lists/oss-security/2010/01/14/4