CVE-2010-0005

NONE EPSS 74.3%
Published Jan 29, 2010 (16y ago) · Modified Jun 16, 2026 (2w ago)

Description

query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query.

Threat Intelligence

EPSS Exploit Probability
74.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-264

Affected Products 11

Vendor  Product  Version  Range
viewvc  viewvc   *        ≤1.1.2
viewvc  viewvc   1.0.1    any
viewvc  viewvc   1.0.2    any
viewvc  viewvc   1.0.3    any
viewvc  viewvc   1.0.4    any
viewvc  viewvc   1.0.5    any
viewvc  viewvc   1.0.6    any
viewvc  viewvc   1.0.7    any
viewvc  viewvc   1.0.8    any
viewvc  viewvc   1.1.0    any
viewvc  viewvc   1.1.1    any

References 7

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
  • viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD
    Patch
  • viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300
  • openwall.com http://www.openwall.com/lists/oss-security/2010/01/11/2
  • openwall.com http://www.openwall.com/lists/oss-security/2010/01/13/5
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html

Remediation

  • viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD
    Patch