Description
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
References
- https://nvd.nist.gov/vuln/detail/CVE-2010-0004
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
- http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222
- http://viewvc.tigris.org/source/browse/*checkout*/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222
- http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD
- http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300
- http://www.openwall.com/lists/oss-security/2010/01/11/2
- http://www.openwall.com/lists/oss-security/2010/01/13/5
- http://www.openwall.com/lists/oss-security/2010/01/14/4
Related vulnerabilities
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
ViewVC before 1.1.3 composes the root listing view without using the a ...