Описание
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Patch
- Vendor Advisory
- Vendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*
Одно из
cpe:2.3:a:viewvc:viewvc:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:viewvc:viewvc:1.0.3:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00662
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
ubuntu
больше 17 лет назад
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
debian
больше 17 лет назад
ViewVC before 1.0.5 stores sensitive information under the web root wi ...
github
больше 3 лет назад
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
EPSS
Процентиль: 70%
0.00662
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200