CVE-2012-3356

Viewvc < 1.1.14 - Authentication Bypass

Title source: rule

Description

The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

References (15)

[Third Party Advisory, VDB Entry] http://osvdb.org/83225

[Various Sources] http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.15/CHANGES

[Various Sources] http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755

[Various Sources] http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756

[Various Sources] http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757

[Various Sources] http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759

[Various Sources] http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2013:134

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/54197

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/76614

[Various Sources] https://lwn.net/Articles/505096/

[Issue Tracking] http://viewvc.tigris.org/issues/show_bug.cgi?id=353

[Third Party Advisory] https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175

[Third Party Advisory] http://www.debian.org/security/2012/dsa-2563

[Mailing List] http://www.openwall.com/lists/oss-security/2012/06/25/8

Scores

EPSS 0.0044

EPSS Percentile 62.7%

Classification

CWE

CWE-287

Status draft

Affected Products (33)

viewvc/viewvc < 1.1.14

viewvc/viewvc

... and 18 more

Timeline

Published Jul 22, 2012

Tracked Since Feb 18, 2026