CVE-2010-0004
ViewVC < 1.1.3 - Unauthorized Exposure of Private Root Names
Title source: llmDescription
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
References (9)
Core 9
Core References
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html
Various Sources x_refsource_confirm
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300
Various Sources x_refsource_confirm
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/01/13/5
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/01/11/2
Various Sources x_refsource_confirm
http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/01/14/4
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
Scores
EPSS
0.0260
EPSS Percentile
83.5%
Details
CWE
CWE-200
Status
published
Products (11)
viewvc/viewvc
1.0.1
viewvc/viewvc
1.0.2
viewvc/viewvc
1.0.3
viewvc/viewvc
1.0.4
viewvc/viewvc
1.0.5
viewvc/viewvc
1.0.6
viewvc/viewvc
1.0.7
viewvc/viewvc
1.0.8
viewvc/viewvc
1.1.0
viewvc/viewvc
1.1.1
... and 1 more
Published
Jan 29, 2010
Tracked Since
Feb 18, 2026