Lucene search

[email protected]NVD:CVE-2010-0004

HistoryJan 29, 2010 - 6:30 p.m.

CVE-2010-0004

2010-01-2918:30:00

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

72.1%

JSON

ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.

Affected configurations

Nvd

Node

viewvcviewvcMatch1.0.1

viewvcviewvcMatch1.0.2

viewvcviewvcMatch1.0.3

viewvcviewvcMatch1.0.4

viewvcviewvcMatch1.0.5

viewvcviewvcMatch1.0.6

viewvcviewvcMatch1.0.7

viewvcviewvcMatch1.0.8

viewvcviewvcMatch1.1.0

viewvcviewvcMatch1.1.1

viewvcviewvcMatch1.1.2

References

lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222

viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD

viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300

www.openwall.com/lists/oss-security/2010/01/11/2

www.openwall.com/lists/oss-security/2010/01/13/5

www.openwall.com/lists/oss-security/2010/01/14/4

www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

72.1%

JSON

Related for NVD:CVE-2010-0004

cvelist1 debiancve1 cve1 prion1 ubuntucve1 openvas4 nessus3 suse1