CVE-2010-0005
NONE EPSS 74.3%
Published Jan 29, 201016y ago · Modified Jun 16, 20262w ago
Published Jan 29, 2010 16y ago
Last Modified Jun 16, 2026 2w ago
Description
query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query.
Threat Intelligence
EPSS Exploit Probability
74.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-264
Affected Products 11
References 7
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
- viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD
- viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300
- openwall.com http://www.openwall.com/lists/oss-security/2010/01/11/2
- openwall.com http://www.openwall.com/lists/oss-security/2010/01/13/5
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html
Remediation
- viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD