PRIOn knowledge basePRION:CVE-2010-0004

HistoryJan 29, 2010 - 6:30 p.m.

Code injection

2010-01-2918:30:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.2%

JSON

ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.

CPENameOperatorVersion
viewvceq1.0.2
viewvceq1.0.1
viewvceq1.0.5
viewvceq1.1.2
viewvceq1.1.0
viewvceq1.1.1
viewvceq1.0.3
viewvceq1.0.4
viewvceq1.0.6
viewvceq1.0.8

Name	Operator	Version
viewvc	eq	1.0.2
viewvc	eq	1.0.1
viewvc	eq	1.0.5
viewvc	eq	1.1.2
viewvc	eq	1.1.0
viewvc	eq	1.1.1
viewvc	eq	1.0.3
viewvc	eq	1.0.4
viewvc	eq	1.0.6
viewvc	eq	1.0.8

Rows per page:

1-10 of 111

References

lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222

viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD

viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300

www.openwall.com/lists/oss-security/2010/01/11/2

www.openwall.com/lists/oss-security/2010/01/13/5

www.openwall.com/lists/oss-security/2010/01/14/4

www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.2%

JSON

Related for PRION:CVE-2010-0004