ViewVC Versions Prior To 1.1.3 Multiple Remote Vulnerabilities Network Vulnerability

Summary

ViewVC is prone to these security vulnerabilities: - A security vulnerability that involves root listing of per-root authorization configuration. - A security vulnerability in 'query.py' involving the 'forbidden' authorizer (or none). Versions prior to ViewVC 1.1.3 are vulnerable.

Solution

Vendor updates are available. Please see the references for details.

References

http://viewvc.tigris.org/
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
http://www.securityfocus.com/bid/37518

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0004, CVE-2010-0005
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
admin.cgi overflow
ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
AjaXplorer zoho plugin Directory Traversal Vulnerability

ViewVC Versions Prior to 1.1.3 Multiple Remote Vulnerabilities

Take action and discover your vulnerabilities