CVE-2010-0004

ViewVC < 1.1.3 - Unauthorized Exposure of Private Root Names

Title source: llm
STIX 2.1

Description

ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.

Scores

EPSS 0.0260
EPSS Percentile 83.5%

Details

CWE
CWE-200
Status published
Products (11)
viewvc/viewvc 1.0.1
viewvc/viewvc 1.0.2
viewvc/viewvc 1.0.3
viewvc/viewvc 1.0.4
viewvc/viewvc 1.0.5
viewvc/viewvc 1.0.6
viewvc/viewvc 1.0.7
viewvc/viewvc 1.0.8
viewvc/viewvc 1.1.0
viewvc/viewvc 1.1.1
... and 1 more
Published Jan 29, 2010
Tracked Since Feb 18, 2026