3 matches found
CVE-2010-0004
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view...
CVE-2010-0004
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, potentially allowing remote attackers to discover private root names by reading the view. Affected component: ViewVC (core request handling for root listings). Root cause: authorization not enforced at ...
openSUSE Security Update : viewvc (viewvc-1859)
The viewvc update fixes the following security problems : - add root listing support of per-root authz config CVE-2010-0004. - query.py requires 'forbidden' authorizer or none in config CVE-2010-0005. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...