CVE-2010-0004
NONE EPSS 83.5%
Published Jan 29, 201016y ago · Modified Jun 16, 20262w ago
Published Jan 29, 2010 16y ago
Last Modified Jun 16, 2026 2w ago
Description
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
Threat Intelligence
EPSS Exploit Probability
83.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
Affected Products 11
References 9
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
- viewvc.tigris.org http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222
- viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD
- viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300
- openwall.com http://www.openwall.com/lists/oss-security/2010/01/11/2
- openwall.com http://www.openwall.com/lists/oss-security/2010/01/13/5
- openwall.com http://www.openwall.com/lists/oss-security/2010/01/14/4
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.