CVE-2010-0004

NONE EPSS 83.5%
Published Jan 29, 201016y ago · Modified Jun 16, 20262w ago
Find Similar
Published Jan 29, 2010 16y ago
Last Modified Jun 16, 2026 2w ago

Description

ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.

Threat Intelligence

EPSS Exploit Probability
83.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 11

VendorProductVersionRange
viewvcviewvc1.0.1any
viewvcviewvc1.0.2any
viewvcviewvc1.0.3any
viewvcviewvc1.0.4any
viewvcviewvc1.0.5any
viewvcviewvc1.0.6any
viewvcviewvc1.0.7any
viewvcviewvc1.0.8any
viewvcviewvc1.1.0any
viewvcviewvc1.1.1any
viewvcviewvc1.1.2any

References 9

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
  • viewvc.tigris.org http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222
  • viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD
  • viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300
  • openwall.com http://www.openwall.com/lists/oss-security/2010/01/11/2
  • openwall.com http://www.openwall.com/lists/oss-security/2010/01/13/5
  • openwall.com http://www.openwall.com/lists/oss-security/2010/01/14/4
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.