CVE-2010-0004
CVE-2010-0004
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.htmlhttp://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEADhttp://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300http://www.openwall.com/lists/oss-security/2010/01/11/2http://www.openwall.com/lists/oss-security/2010/01/13/5http://www.openwall.com/lists/oss-security/2010/01/14/4