ViewVC Versions Prior To 1.1.3 Multiple Remote Vulnerabilities Network Vulnerability

Summary

ViewVC is prone to these security vulnerabilities: - A security vulnerability that involves root listing of per-root authorization configuration. - A security vulnerability in 'query.py' involving the 'forbidden' authorizer (or none). Versions prior to ViewVC 1.1.3 are vulnerable.

Solution

Vendor updates are available. Please see the references for details.

References

http://viewvc.tigris.org/
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
http://www.securityfocus.com/bid/37518

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0004, CVE-2010-0005

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Struts2 Redirection and Security Bypass Vulnerabilities
AjaxPortal 'di.php' File Inclusion Vulnerability
AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
ARRIS 2307 Unprotected Web Console

ViewVC Versions Prior to 1.1.3 Multiple Remote Vulnerabilities

Take action and discover your vulnerabilities