Search criteria
21 vulnerabilities by viewvc
CVE-2025-54141 (GCVE-0-2025-54141)
Vulnerability from cvelistv5 – Published: 2025-07-22 21:35 – Updated: 2025-07-23 18:31
VLAI
Title
ViewVC's standalone server exposes arbitrary server filesystem content
Summary
ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style attack. This is fixed in versions 1.1.31 and 1.2.4.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/viewvc/viewvc/security/advisor… | x_refsource_CONFIRM |
| https://github.com/viewvc/viewvc/issues/211 | x_refsource_MISC |
| https://github.com/viewvc/viewvc/commit/1dd84542c… | x_refsource_MISC |
| https://github.com/viewvc/viewvc/commit/5d7c76be0… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54141",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T18:31:23.195289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T18:31:31.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "viewvc",
"vendor": "viewvc",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c 1.1.31"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server\u0027s filesystem though a directory traversal-style attack. This is fixed in versions 1.1.31 and 1.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T21:35:47.844Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/viewvc/viewvc/security/advisories/GHSA-rv3m-76rj-q397",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-rv3m-76rj-q397"
},
{
"name": "https://github.com/viewvc/viewvc/issues/211",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/viewvc/viewvc/issues/211"
},
{
"name": "https://github.com/viewvc/viewvc/commit/1dd84542c39b39e4a3f434db84a8ba3441d6a1e7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/viewvc/viewvc/commit/1dd84542c39b39e4a3f434db84a8ba3441d6a1e7"
},
{
"name": "https://github.com/viewvc/viewvc/commit/5d7c76be07b77dce4ff631e9b866056344f11e84",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/viewvc/viewvc/commit/5d7c76be07b77dce4ff631e9b866056344f11e84"
}
],
"source": {
"advisory": "GHSA-rv3m-76rj-q397",
"discovery": "UNKNOWN"
},
"title": "ViewVC\u0027s standalone server exposes arbitrary server filesystem content"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54141",
"datePublished": "2025-07-22T21:35:47.844Z",
"dateReserved": "2025-07-16T23:53:40.511Z",
"dateUpdated": "2025-07-23T18:31:31.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22464 (GCVE-0-2023-22464)
Vulnerability from cvelistv5 – Published: 2023-01-04 15:12 – Updated: 2025-03-10 21:32
VLAI
Title
ViewVC XSS vulnerability in revision view changed path "copyfrom" locations
Summary
ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.3 (if they are using a 1.2.x version of ViewVC) or 1.1.30 (if they are using a 1.1.x version).
ViewVC 1.0.x is no longer supported, so users of that release lineage should implement one of the following workarounds. Users can edit their ViewVC EZT view templates to manually HTML-escape changed path "copyfrom paths" during rendering. Locate in your template set's `revision.ezt` file references to those changed paths, and wrap them with `[format "html"]` and `[end]`. For most users, that means that references to `[changes.copy_path]` will become `[format "html"][changes.copy_path][end]`. (This workaround should be reverted after upgrading to a patched version of ViewVC, else "copyfrom path" names will be doubly escaped.)
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/viewvc/viewvc/security/advisor… | x_refsource_CONFIRM |
| https://github.com/viewvc/viewvc/issues/311 | x_refsource_MISC |
| https://github.com/viewvc/viewvc/releases/tag/1.1.30 | x_refsource_MISC |
| https://github.com/viewvc/viewvc/releases/tag/1.2.3 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:48.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/viewvc/viewvc/security/advisories/GHSA-jvpj-293q-q53h",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-jvpj-293q-q53h"
},
{
"name": "https://github.com/viewvc/viewvc/issues/311",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/viewvc/viewvc/issues/311"
},
{
"name": "https://github.com/viewvc/viewvc/releases/tag/1.1.30",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/viewvc/viewvc/releases/tag/1.1.30"
},
{
"name": "https://github.com/viewvc/viewvc/releases/tag/1.2.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/viewvc/viewvc/releases/tag/1.2.3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22464",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:01:53.705497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:32:51.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "viewvc",
"vendor": "viewvc",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.30"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.3 (if they are using a 1.2.x version of ViewVC) or 1.1.30 (if they are using a 1.1.x version).\n\nViewVC 1.0.x is no longer supported, so users of that release lineage should implement one of the following workarounds. Users can edit their ViewVC EZT view templates to manually HTML-escape changed path \"copyfrom paths\" during rendering. Locate in your template set\u0027s `revision.ezt` file references to those changed paths, and wrap them with `[format \"html\"]` and `[end]`. For most users, that means that references to `[changes.copy_path]` will become `[format \"html\"][changes.copy_path][end]`. (This workaround should be reverted after upgrading to a patched version of ViewVC, else \"copyfrom path\" names will be doubly escaped.)\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-04T15:12:50.980Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/viewvc/viewvc/security/advisories/GHSA-jvpj-293q-q53h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-jvpj-293q-q53h"
},
{
"name": "https://github.com/viewvc/viewvc/issues/311",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/viewvc/viewvc/issues/311"
},
{
"name": "https://github.com/viewvc/viewvc/releases/tag/1.1.30",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/viewvc/viewvc/releases/tag/1.1.30"
},
{
"name": "https://github.com/viewvc/viewvc/releases/tag/1.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/viewvc/viewvc/releases/tag/1.2.3"
}
],
"source": {
"advisory": "GHSA-jvpj-293q-q53h",
"discovery": "UNKNOWN"
},
"title": "ViewVC XSS vulnerability in revision view changed path \"copyfrom\" locations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22464",
"datePublished": "2023-01-04T15:12:50.980Z",
"dateReserved": "2022-12-29T03:00:40.879Z",
"dateUpdated": "2025-03-10T21:32:51.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22456 (GCVE-0-2023-22456)
Vulnerability from cvelistv5 – Published: 2023-01-03 18:29 – Updated: 2025-03-10 21:33
VLAI
Title
ViewVC XSS vulnerability in revision view changed paths
Summary
ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.2 (if they are using a 1.2.x version of ViewVC) or 1.1.29 (if they are using a 1.1.x version).
ViewVC 1.0.x is no longer supported, so users of that release lineage should implement a workaround. Users can edit their ViewVC EZT view templates to manually HTML-escape changed paths during rendering. Locate in your template set's `revision.ezt` file references to those changed paths, and wrap them with `[format "html"]` and `[end]`. For most users, that means that references to `[changes.path]` will become `[format "html"][changes.path][end]`. (This workaround should be reverted after upgrading to a patched version of ViewVC, else changed path names will be doubly escaped.)
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/viewvc/viewvc/security/advisor… | x_refsource_CONFIRM |
| https://github.com/viewvc/viewvc/issues/311 | x_refsource_MISC |
| https://github.com/viewvc/viewvc/releases/tag/1.1.29 | x_refsource_MISC |
| https://github.com/viewvc/viewvc/releases/tag/1.2.2 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:48.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g"
},
{
"name": "https://github.com/viewvc/viewvc/issues/311",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/viewvc/viewvc/issues/311"
},
{
"name": "https://github.com/viewvc/viewvc/releases/tag/1.1.29",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/viewvc/viewvc/releases/tag/1.1.29"
},
{
"name": "https://github.com/viewvc/viewvc/releases/tag/1.2.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/viewvc/viewvc/releases/tag/1.2.2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:00:45.571227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:33:20.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "viewvc",
"vendor": "viewvc",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.29"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.2 (if they are using a 1.2.x version of ViewVC) or 1.1.29 (if they are using a 1.1.x version).\n\nViewVC 1.0.x is no longer supported, so users of that release lineage should implement a workaround. Users can edit their ViewVC EZT view templates to manually HTML-escape changed paths during rendering. Locate in your template set\u0027s `revision.ezt` file references to those changed paths, and wrap them with `[format \"html\"]` and `[end]`. For most users, that means that references to `[changes.path]` will become `[format \"html\"][changes.path][end]`. (This workaround should be reverted after upgrading to a patched version of ViewVC, else changed path names will be doubly escaped.)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T18:29:51.262Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g"
},
{
"name": "https://github.com/viewvc/viewvc/issues/311",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/viewvc/viewvc/issues/311"
},
{
"name": "https://github.com/viewvc/viewvc/releases/tag/1.1.29",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/viewvc/viewvc/releases/tag/1.1.29"
},
{
"name": "https://github.com/viewvc/viewvc/releases/tag/1.2.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/viewvc/viewvc/releases/tag/1.2.2"
}
],
"source": {
"advisory": "GHSA-j4mx-f97j-gc5g",
"discovery": "UNKNOWN"
},
"title": "ViewVC XSS vulnerability in revision view changed paths"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22456",
"datePublished": "2023-01-03T18:29:51.262Z",
"dateReserved": "2022-12-29T03:00:40.878Z",
"dateUpdated": "2025-03-10T21:33:20.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5283 (GCVE-0-2020-5283)
Vulnerability from cvelistv5 – Published: 2020-04-03 00:10 – Updated: 2024-08-04 08:22
VLAI
Title
XSS vulnerability in CVS show_subdir_lastmod support
Summary
ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_lastmod` feature enabled. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. This vulnerability is patched in versions 1.2.1 and 1.1.28.
Severity
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/viewvc/viewvc/security/advisor… | x_refsource_CONFIRM |
| https://github.com/viewvc/viewvc/issues/211 | x_refsource_MISC |
| https://github.com/viewvc/viewvc/commit/ad0f966e9… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-xpxf-fvqv-7mfg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/viewvc/viewvc/issues/211"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/viewvc/viewvc/commit/ad0f966e9a997b17d853a6972ea283d4dcd70fa8"
},
{
"name": "FEDORA-2020-c952520959",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Q2STF2MKT24HXZ3YZIU7CN6F6QM67I5/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "viewvc",
"vendor": "viewvc",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.28"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_lastmod` feature enabled. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. This vulnerability is patched in versions 1.2.1 and 1.1.28."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-15T05:06:08.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-xpxf-fvqv-7mfg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/viewvc/viewvc/issues/211"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/viewvc/viewvc/commit/ad0f966e9a997b17d853a6972ea283d4dcd70fa8"
},
{
"name": "FEDORA-2020-c952520959",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Q2STF2MKT24HXZ3YZIU7CN6F6QM67I5/"
}
],
"source": {
"advisory": "GHSA-xpxf-fvqv-7mfg",
"discovery": "UNKNOWN"
},
"title": "XSS vulnerability in CVS show_subdir_lastmod support",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5283",
"STATE": "PUBLIC",
"TITLE": "XSS vulnerability in CVS show_subdir_lastmod support"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "viewvc",
"version": {
"version_data": [
{
"version_value": "\u003c 1.1.28"
},
{
"version_value": "\u003e= 1.2.0, \u003c 1.2.1"
}
]
}
}
]
},
"vendor_name": "viewvc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_lastmod` feature enabled. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. This vulnerability is patched in versions 1.2.1 and 1.1.28."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/viewvc/viewvc/security/advisories/GHSA-xpxf-fvqv-7mfg",
"refsource": "CONFIRM",
"url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-xpxf-fvqv-7mfg"
},
{
"name": "https://github.com/viewvc/viewvc/issues/211",
"refsource": "MISC",
"url": "https://github.com/viewvc/viewvc/issues/211"
},
{
"name": "https://github.com/viewvc/viewvc/commit/ad0f966e9a997b17d853a6972ea283d4dcd70fa8",
"refsource": "MISC",
"url": "https://github.com/viewvc/viewvc/commit/ad0f966e9a997b17d853a6972ea283d4dcd70fa8"
},
{
"name": "FEDORA-2020-c952520959",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Q2STF2MKT24HXZ3YZIU7CN6F6QM67I5/"
}
]
},
"source": {
"advisory": "GHSA-xpxf-fvqv-7mfg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5283",
"datePublished": "2020-04-03T00:10:13.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5743 (GCVE-0-2007-5743)
Vulnerability from cvelistv5 – Published: 2019-11-07 21:55 – Updated: 2024-08-07 15:39
VLAI
Summary
viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_MISC |
Date Public
2007-03-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2007-5743"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416696"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "viewvc 1.0.3 allows improper access control to files in a repository when using the \"forbidden\" configuration option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T21:55:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2007-5743"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416696"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "viewvc 1.0.3 allows improper access control to files in a repository when using the \"forbidden\" configuration option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2007-5743",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2007-5743"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416696",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416696"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5743",
"datePublished": "2019-11-07T21:55:32.000Z",
"dateReserved": "2007-10-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:39:13.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5938 (GCVE-0-2017-5938)
Vulnerability from cvelistv5 – Published: 2017-03-15 14:00 – Updated: 2024-08-05 15:18
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/viewvc/viewvc/releases/tag/1.0.14 | x_refsource_CONFIRM |
| https://github.com/viewvc/viewvc/issues/137 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/96185 | vdb-entryx_refsource_BID |
| https://github.com/viewvc/viewvc/commit/9dcfc7daa… | x_refsource_CONFIRM |
| https://github.com/viewvc/viewvc/releases/tag/1.1.26 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2017/02/09/6 | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2017/dsa-3784 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
Date Public
2017-01-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/viewvc/viewvc/releases/tag/1.0.14"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/viewvc/viewvc/issues/137"
},
{
"name": "96185",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96185"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/viewvc/viewvc/releases/tag/1.1.26"
},
{
"name": "[oss-security] 20170208 Re: CVE request: XSS in viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/09/6"
},
{
"name": "DSA-3784",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3784"
},
{
"name": "openSUSE-SU-2017:0501",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00082.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-07T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/viewvc/viewvc/releases/tag/1.0.14"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/viewvc/viewvc/issues/137"
},
{
"name": "96185",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96185"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/viewvc/viewvc/releases/tag/1.1.26"
},
{
"name": "[oss-security] 20170208 Re: CVE request: XSS in viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/09/6"
},
{
"name": "DSA-3784",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3784"
},
{
"name": "openSUSE-SU-2017:0501",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00082.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/viewvc/viewvc/releases/tag/1.0.14",
"refsource": "CONFIRM",
"url": "https://github.com/viewvc/viewvc/releases/tag/1.0.14"
},
{
"name": "https://github.com/viewvc/viewvc/issues/137",
"refsource": "CONFIRM",
"url": "https://github.com/viewvc/viewvc/issues/137"
},
{
"name": "96185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96185"
},
{
"name": "https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad",
"refsource": "CONFIRM",
"url": "https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad"
},
{
"name": "https://github.com/viewvc/viewvc/releases/tag/1.1.26",
"refsource": "CONFIRM",
"url": "https://github.com/viewvc/viewvc/releases/tag/1.1.26"
},
{
"name": "[oss-security] 20170208 Re: CVE request: XSS in viewvc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/09/6"
},
{
"name": "DSA-3784",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3784"
},
{
"name": "openSUSE-SU-2017:0501",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00082.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5938",
"datePublished": "2017-03-15T14:00:00.000Z",
"dateReserved": "2017-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4533 (GCVE-0-2012-4533)
Vulnerability from cvelistv5 – Published: 2012-11-19 00:00 – Updated: 2024-08-06 20:42
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
Date Public
2012-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:53.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/issues/show_bug.cgi?id=515"
},
{
"name": "86566",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/86566"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2794"
},
{
"name": "51041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51041"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2792"
},
{
"name": "56161",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56161"
},
{
"name": "viewvc-viewvc-checkins-xss(79561)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79561"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.0.13/CHANGES"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062"
},
{
"name": "[oss-security] 20121020 Re: CVE Request: viewvc 1.1.5 lib/viewvc.py XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/21/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0313"
},
{
"name": "MDVSA-2013:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:134"
},
{
"name": "DSA-2563",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2563"
},
{
"name": "[oss-security] 20121020 CVE Request: viewvc 1.1.5 lib/viewvc.py XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/21/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.16/CHANGES"
},
{
"name": "51072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"extra\" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the \"function name\" line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/issues/show_bug.cgi?id=515"
},
{
"name": "86566",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/86566"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2794"
},
{
"name": "51041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51041"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2792"
},
{
"name": "56161",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56161"
},
{
"name": "viewvc-viewvc-checkins-xss(79561)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79561"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.0.13/CHANGES"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062"
},
{
"name": "[oss-security] 20121020 Re: CVE Request: viewvc 1.1.5 lib/viewvc.py XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/21/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0313"
},
{
"name": "MDVSA-2013:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:134"
},
{
"name": "DSA-2563",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2563"
},
{
"name": "[oss-security] 20121020 CVE Request: viewvc 1.1.5 lib/viewvc.py XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/21/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.16/CHANGES"
},
{
"name": "51072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51072"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4533",
"datePublished": "2012-11-19T00:00:00.000Z",
"dateReserved": "2012-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:42:53.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3356 (GCVE-0-2012-3356)
Vulnerability from cvelistv5 – Published: 2012-07-22 16:00 – Updated: 2024-08-06 20:05
VLAI
Summary
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2012-06-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:11.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120625 Re: CVE Request: viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/25/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2760"
},
{
"name": "54197",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54197"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.15/CHANGES"
},
{
"name": "viewvc-svnra-security-bypass(76614)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76614"
},
{
"name": "83225",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/83225"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2755"
},
{
"name": "openSUSE-SU-2012:0831",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://lwn.net/Articles/505096/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2759"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2756"
},
{
"name": "MDVSA-2013:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:134"
},
{
"name": "DSA-2563",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2563"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/issues/show_bug.cgi?id=353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120625 Re: CVE Request: viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/25/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2760"
},
{
"name": "54197",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54197"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.15/CHANGES"
},
{
"name": "viewvc-svnra-security-bypass(76614)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76614"
},
{
"name": "83225",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/83225"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2755"
},
{
"name": "openSUSE-SU-2012:0831",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://lwn.net/Articles/505096/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2759"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2756"
},
{
"name": "MDVSA-2013:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:134"
},
{
"name": "DSA-2563",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2563"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/issues/show_bug.cgi?id=353"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3356",
"datePublished": "2012-07-22T16:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:05:11.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3357 (GCVE-0-2012-3357)
Vulnerability from cvelistv5 – Published: 2012-07-22 16:00 – Updated: 2024-08-06 20:05
VLAI
Summary
The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/06/25/8 | mailing-listx_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/54199 | vdb-entryx_refsource_BID |
| https://lwn.net/Articles/505096/ | vendor-advisoryx_refsource_SUSE |
| https://wiki.mageia.org/en/Support/Advisories/MGA… | x_refsource_CONFIRM |
| http://viewvc.tigris.org/source/browse/viewvc?vie… | x_refsource_CONFIRM |
| http://osvdb.org/83227 | vdb-entryx_refsource_OSVDB |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.debian.org/security/2012/dsa-2563 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2012-06-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120625 Re: CVE Request: viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/25/8"
},
{
"name": "viewvc-svnra-info-disclosure(76615)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76615"
},
{
"name": "54199",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54199"
},
{
"name": "openSUSE-SU-2012:0831",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://lwn.net/Articles/505096/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2758"
},
{
"name": "83227",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/83227"
},
{
"name": "MDVSA-2013:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:134"
},
{
"name": "DSA-2563",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a \"log msg leak.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120625 Re: CVE Request: viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/25/8"
},
{
"name": "viewvc-svnra-info-disclosure(76615)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76615"
},
{
"name": "54199",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54199"
},
{
"name": "openSUSE-SU-2012:0831",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://lwn.net/Articles/505096/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2758"
},
{
"name": "83227",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/83227"
},
{
"name": "MDVSA-2013:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:134"
},
{
"name": "DSA-2563",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2563"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3357",
"datePublished": "2012-07-22T16:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:05:12.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5024 (GCVE-0-2009-5024)
Vulnerability from cvelistv5 – Published: 2011-05-23 22:00 – Updated: 2024-08-07 07:24
VLAI
Summary
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/47928 | vdb-entryx_refsource_BID |
| http://openwall.com/lists/oss-security/2011/05/19/9 | mailing-listx_refsource_MLIST |
| http://viewvc.tigris.org/issues/show_bug.cgi?id=433 | x_refsource_CONFIRM |
| http://viewvc.tigris.org/source/browse/viewvc/tru… | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2011/05/19/1 | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2012/dsa-2563 | vendor-advisoryx_refsource_DEBIAN |
| http://viewvc.tigris.org/source/browse/%2Acheckou… | x_refsource_CONFIRM |
| http://viewvc.tigris.org/source/browse/viewvc/tru… | x_refsource_CONFIRM |
Date Public
2009-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47928",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47928"
},
{
"name": "[oss-security] 20110519 Re: CVE Request: viewvc DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/05/19/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/issues/show_bug.cgi?id=433"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?diff_format=u\u0026r1=2547\u0026r2=2546\u0026pathrev=2547"
},
{
"name": "[oss-security] 20110519 CVE Request: viewvc DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/05/19/1"
},
{
"name": "DSA-2563",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2563"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.11/CHANGES"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u\u0026view=log#rev2547"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a \"query revision history\" request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-20T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "47928",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47928"
},
{
"name": "[oss-security] 20110519 Re: CVE Request: viewvc DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/05/19/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/issues/show_bug.cgi?id=433"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?diff_format=u\u0026r1=2547\u0026r2=2546\u0026pathrev=2547"
},
{
"name": "[oss-security] 20110519 CVE Request: viewvc DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/05/19/1"
},
{
"name": "DSA-2563",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2563"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.11/CHANGES"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u\u0026view=log#rev2547"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-5024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a \"query revision history\" request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47928"
},
{
"name": "[oss-security] 20110519 Re: CVE Request: viewvc DoS",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/05/19/9"
},
{
"name": "http://viewvc.tigris.org/issues/show_bug.cgi?id=433",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/issues/show_bug.cgi?id=433"
},
{
"name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?diff_format=u\u0026r1=2547\u0026r2=2546\u0026pathrev=2547",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?diff_format=u\u0026r1=2547\u0026r2=2546\u0026pathrev=2547"
},
{
"name": "[oss-security] 20110519 CVE Request: viewvc DoS",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/05/19/1"
},
{
"name": "DSA-2563",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2563"
},
{
"name": "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.11/CHANGES",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.11/CHANGES"
},
{
"name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u\u0026view=log#rev2547",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u\u0026view=log#rev2547"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-5024",
"datePublished": "2011-05-23T22:00:00.000Z",
"dateReserved": "2010-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:24:53.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0132 (GCVE-0-2010-0132)
Vulnerability from cvelistv5 – Published: 2010-03-31 17:35 – Updated: 2024-08-07 00:37
VLAI
Summary
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/510408/100… | mailing-listx_refsource_BUGTRAQ |
| http://viewvc.tigris.org/source/browse/viewvc/tru… | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://secunia.com/secunia_research/2010-26/ | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/38918 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2010/0844 | vdb-entryx_refsource_VUPEN |
| http://www.vupen.com/english/advisories/2010/0743 | vdb-entryx_refsource_VUPEN |
Date Public
2010-03-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:53.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100330 Secunia Research: ViewVC Regular Expression Search Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/510408/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2342\u0026r2=2359\u0026pathrev=HEAD"
},
{
"name": "FEDORA-2010-5524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038456.html"
},
{
"name": "FEDORA-2010-5507",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038420.html"
},
{
"name": "SUSE-SR:2010:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2010-26/"
},
{
"name": "FEDORA-2010-5805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038925.html"
},
{
"name": "38918",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38918"
},
{
"name": "ADV-2010-0844",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0844"
},
{
"name": "ADV-2010-0743",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0743"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to \"search_re input,\" a different vulnerability than CVE-2010-0736."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "20100330 Secunia Research: ViewVC Regular Expression Search Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/510408/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2342\u0026r2=2359\u0026pathrev=HEAD"
},
{
"name": "FEDORA-2010-5524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038456.html"
},
{
"name": "FEDORA-2010-5507",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038420.html"
},
{
"name": "SUSE-SR:2010:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2010-26/"
},
{
"name": "FEDORA-2010-5805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038925.html"
},
{
"name": "38918",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38918"
},
{
"name": "ADV-2010-0844",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0844"
},
{
"name": "ADV-2010-0743",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0743"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-0132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to \"search_re input,\" a different vulnerability than CVE-2010-0736."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100330 Secunia Research: ViewVC Regular Expression Search Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510408/100/0/threaded"
},
{
"name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2342\u0026r2=2359\u0026pathrev=HEAD",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2342\u0026r2=2359\u0026pathrev=HEAD"
},
{
"name": "FEDORA-2010-5524",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038456.html"
},
{
"name": "FEDORA-2010-5507",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038420.html"
},
{
"name": "SUSE-SR:2010:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html"
},
{
"name": "http://secunia.com/secunia_research/2010-26/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-26/"
},
{
"name": "FEDORA-2010-5805",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038925.html"
},
{
"name": "38918",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38918"
},
{
"name": "ADV-2010-0844",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0844"
},
{
"name": "ADV-2010-0743",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0743"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2010-0132",
"datePublished": "2010-03-31T17:35:00.000Z",
"dateReserved": "2010-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:37:53.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0736 (GCVE-0-2010-0736)
Vulnerability from cvelistv5 – Published: 2010-03-19 19:00 – Updated: 2024-09-17 00:26
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://viewvc.tigris.org/source/browse/viewvc?vie… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2010/0… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2010/03/10/8 | mailing-listx_refsource_MLIST |
| http://viewvc.tigris.org/source/browse/viewvc/tru… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2326"
},
{
"name": "[oss-security] 20100316 Re: CVE Request: ViewVC 1.1.4 / 1.0.10 -- XSS via user-provided query form input",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/03/16/14"
},
{
"name": "[oss-security] 20100310 CVE Request: ViewVC 1.1.4 / 1.0.10 -- XSS via user-provided query form input",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/03/10/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2313\u0026r2=2342\u0026pathrev=HEAD"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via \"user-provided input.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T19:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2326"
},
{
"name": "[oss-security] 20100316 Re: CVE Request: ViewVC 1.1.4 / 1.0.10 -- XSS via user-provided query form input",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/03/16/14"
},
{
"name": "[oss-security] 20100310 CVE Request: ViewVC 1.1.4 / 1.0.10 -- XSS via user-provided query form input",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/03/10/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2313\u0026r2=2342\u0026pathrev=HEAD"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via \"user-provided input.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2326",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2326"
},
{
"name": "[oss-security] 20100316 Re: CVE Request: ViewVC 1.1.4 / 1.0.10 -- XSS via user-provided query form input",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/03/16/14"
},
{
"name": "[oss-security] 20100310 CVE Request: ViewVC 1.1.4 / 1.0.10 -- XSS via user-provided query form input",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/03/10/8"
},
{
"name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2313\u0026r2=2342\u0026pathrev=HEAD",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2313\u0026r2=2342\u0026pathrev=HEAD"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0736",
"datePublished": "2010-03-19T19:00:00.000Z",
"dateReserved": "2010-02-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:26:26.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0005 (GCVE-0-2010-0005)
Vulnerability from cvelistv5 – Published: 2010-01-29 18:00 – Updated: 2024-09-16 17:38
VLAI
Summary
query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://viewvc.tigris.org/source/browse/viewvc/tru… | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2010/01/13/5 | mailing-listx_refsource_MLIST |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2010/01/11/2 | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://viewvc.tigris.org/source/browse/viewvc?vie… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:30:47.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242\u0026r2=2313\u0026pathrev=HEAD"
},
{
"name": "FEDORA-2009-13610",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html"
},
{
"name": "[oss-security] 20100113 Re: CVE Request: viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/13/5"
},
{
"name": "FEDORA-2009-13634",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html"
},
{
"name": "[oss-security] 20100111 CVE Request: viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/11/2"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2300"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-29T18:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242\u0026r2=2313\u0026pathrev=HEAD"
},
{
"name": "FEDORA-2009-13610",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html"
},
{
"name": "[oss-security] 20100113 Re: CVE Request: viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/13/5"
},
{
"name": "FEDORA-2009-13634",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html"
},
{
"name": "[oss-security] 20100111 CVE Request: viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/11/2"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2300"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242\u0026r2=2313\u0026pathrev=HEAD",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242\u0026r2=2313\u0026pathrev=HEAD"
},
{
"name": "FEDORA-2009-13610",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html"
},
{
"name": "[oss-security] 20100113 Re: CVE Request: viewvc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/13/5"
},
{
"name": "FEDORA-2009-13634",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html"
},
{
"name": "[oss-security] 20100111 CVE Request: viewvc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/11/2"
},
{
"name": "SUSE-SA:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2300",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2300"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0005",
"datePublished": "2010-01-29T18:00:00.000Z",
"dateReserved": "2009-12-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:38:01.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0004 (GCVE-0-2010-0004)
Vulnerability from cvelistv5 – Published: 2010-01-29 18:00 – Updated: 2024-09-16 23:51
VLAI
Summary
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://viewvc.tigris.org/source/browse/viewvc/tru… | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2010/01/13/5 | mailing-listx_refsource_MLIST |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2010/01/11/2 | mailing-listx_refsource_MLIST |
| http://viewvc.tigris.org/source/browse/%2Acheckou… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2010/01/14/4 | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://viewvc.tigris.org/source/browse/viewvc?vie… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:30:47.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242\u0026r2=2313\u0026pathrev=HEAD"
},
{
"name": "FEDORA-2009-13610",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html"
},
{
"name": "[oss-security] 20100113 Re: CVE Request: viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/13/5"
},
{
"name": "FEDORA-2009-13634",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html"
},
{
"name": "[oss-security] 20100111 CVE Request: viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/11/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222"
},
{
"name": "[oss-security] 20100114 Re: CVE Request: viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/14/4"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2300"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-29T18:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242\u0026r2=2313\u0026pathrev=HEAD"
},
{
"name": "FEDORA-2009-13610",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html"
},
{
"name": "[oss-security] 20100113 Re: CVE Request: viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/13/5"
},
{
"name": "FEDORA-2009-13634",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html"
},
{
"name": "[oss-security] 20100111 CVE Request: viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/11/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222"
},
{
"name": "[oss-security] 20100114 Re: CVE Request: viewvc",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/14/4"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2300"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242\u0026r2=2313\u0026pathrev=HEAD",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242\u0026r2=2313\u0026pathrev=HEAD"
},
{
"name": "FEDORA-2009-13610",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html"
},
{
"name": "[oss-security] 20100113 Re: CVE Request: viewvc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/13/5"
},
{
"name": "FEDORA-2009-13634",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html"
},
{
"name": "[oss-security] 20100111 CVE Request: viewvc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/11/2"
},
{
"name": "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222"
},
{
"name": "[oss-security] 20100114 Re: CVE Request: viewvc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/14/4"
},
{
"name": "SUSE-SA:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2300",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2300"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0004",
"datePublished": "2010-01-29T18:00:00.000Z",
"dateReserved": "2009-12-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:34.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3618 (GCVE-0-2009-3618)
Vulnerability from cvelistv5 – Published: 2009-11-10 02:00 – Updated: 2024-08-07 06:31
VLAI
Summary
Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/2257 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/36292 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://osvdb.org/56997 | vdb-entryx_refsource_OSVDB |
| http://www.openwall.com/lists/oss-security/2009/1… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/36311 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://viewvc.tigris.org/source/browse/%2Acheckou… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2009-08-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-2257",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2257"
},
{
"name": "36292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36292"
},
{
"name": "FEDORA-2009-8501",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00557.html"
},
{
"name": "FEDORA-2009-8507",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00566.html"
},
{
"name": "56997",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/56997"
},
{
"name": "[oss-security] 20091016 Re: viewvc: CVE request: XSS and illegal characters while printing name-value pairs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/16/10"
},
{
"name": "36311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36311"
},
{
"name": "viewvc-view-xss(52430)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52430"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.2/CHANGES?revision=2235\u0026pathrev=HEAD"
},
{
"name": "SUSE-SR:2009:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2009-2257",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2257"
},
{
"name": "36292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36292"
},
{
"name": "FEDORA-2009-8501",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00557.html"
},
{
"name": "FEDORA-2009-8507",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00566.html"
},
{
"name": "56997",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/56997"
},
{
"name": "[oss-security] 20091016 Re: viewvc: CVE request: XSS and illegal characters while printing name-value pairs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/16/10"
},
{
"name": "36311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36311"
},
{
"name": "viewvc-view-xss(52430)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52430"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.2/CHANGES?revision=2235\u0026pathrev=HEAD"
},
{
"name": "SUSE-SR:2009:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2257",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2257"
},
{
"name": "36292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36292"
},
{
"name": "FEDORA-2009-8501",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00557.html"
},
{
"name": "FEDORA-2009-8507",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00566.html"
},
{
"name": "56997",
"refsource": "OSVDB",
"url": "http://osvdb.org/56997"
},
{
"name": "[oss-security] 20091016 Re: viewvc: CVE request: XSS and illegal characters while printing name-value pairs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/10/16/10"
},
{
"name": "36311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36311"
},
{
"name": "viewvc-view-xss(52430)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52430"
},
{
"name": "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.2/CHANGES?revision=2235\u0026pathrev=HEAD",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.2/CHANGES?revision=2235\u0026pathrev=HEAD"
},
{
"name": "SUSE-SR:2009:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3618",
"datePublished": "2009-11-10T02:00:00.000Z",
"dateReserved": "2009-10-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:10.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3619 (GCVE-0-2009-3619)
Vulnerability from cvelistv5 – Published: 2009-11-10 02:00 – Updated: 2024-08-07 06:31
VLAI
Summary
Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/2257 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/36292 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2009/1… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/36311 | third-party-advisoryx_refsource_SECUNIA |
| http://viewvc.tigris.org/source/browse/%2Acheckou… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2009-08-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-2257",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2257"
},
{
"name": "36292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36292"
},
{
"name": "FEDORA-2009-8501",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00557.html"
},
{
"name": "FEDORA-2009-8507",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00566.html"
},
{
"name": "[oss-security] 20091016 Re: viewvc: CVE request: XSS and illegal characters while printing name-value pairs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/16/10"
},
{
"name": "36311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36311"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.2/CHANGES?revision=2235\u0026pathrev=HEAD"
},
{
"name": "SUSE-SR:2009:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to \"printing illegal parameter names and values.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-04T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2009-2257",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2257"
},
{
"name": "36292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36292"
},
{
"name": "FEDORA-2009-8501",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00557.html"
},
{
"name": "FEDORA-2009-8507",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00566.html"
},
{
"name": "[oss-security] 20091016 Re: viewvc: CVE request: XSS and illegal characters while printing name-value pairs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/16/10"
},
{
"name": "36311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36311"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.2/CHANGES?revision=2235\u0026pathrev=HEAD"
},
{
"name": "SUSE-SR:2009:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to \"printing illegal parameter names and values.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2257",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2257"
},
{
"name": "36292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36292"
},
{
"name": "FEDORA-2009-8501",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00557.html"
},
{
"name": "FEDORA-2009-8507",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00566.html"
},
{
"name": "[oss-security] 20091016 Re: viewvc: CVE request: XSS and illegal characters while printing name-value pairs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/10/16/10"
},
{
"name": "36311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36311"
},
{
"name": "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.2/CHANGES?revision=2235\u0026pathrev=HEAD",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.2/CHANGES?revision=2235\u0026pathrev=HEAD"
},
{
"name": "SUSE-SR:2009:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3619",
"datePublished": "2009-11-10T02:00:00.000Z",
"dateReserved": "2009-10-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:10.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4325 (GCVE-0-2008-4325)
Vulnerability from cvelistv5 – Published: 2008-09-30 16:00 – Updated: 2024-09-17 01:06
VLAI
Summary
lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE: this issue might not be a vulnerability, since it requires attacker access to the repository that is being viewed.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://viewvc.tigris.org/source/browse/viewvc?rev… | x_refsource_CONFIRM |
| http://viewvc.tigris.org/source/browse/viewvc/tru… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2008/09/19/4 | mailing-listx_refsource_MLIST |
| http://viewvc.tigris.org/issues/show_bug.cgi?id=354 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2008/09/20/1 | mailing-listx_refsource_MLIST |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:35.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?rev=1978\u0026view=rev"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?rev=2011\u0026r1=1968\u0026r2=1978"
},
{
"name": "[oss-security] 20080919 viewvc security flaw?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/19/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/issues/show_bug.cgi?id=354"
},
{
"name": "[oss-security] 20080920 Re: viewvc security flaw?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/20/1"
},
{
"name": "FEDORA-2008-8270",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01142.html"
},
{
"name": "FEDORA-2008-8252",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01101.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE: this issue might not be a vulnerability, since it requires attacker access to the repository that is being viewed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-09-30T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc?rev=1978\u0026view=rev"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?rev=2011\u0026r1=1968\u0026r2=1978"
},
{
"name": "[oss-security] 20080919 viewvc security flaw?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/19/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/issues/show_bug.cgi?id=354"
},
{
"name": "[oss-security] 20080920 Re: viewvc security flaw?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/20/1"
},
{
"name": "FEDORA-2008-8270",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01142.html"
},
{
"name": "FEDORA-2008-8252",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01101.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE: this issue might not be a vulnerability, since it requires attacker access to the repository that is being viewed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://viewvc.tigris.org/source/browse/viewvc?rev=1978\u0026view=rev",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc?rev=1978\u0026view=rev"
},
{
"name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?rev=2011\u0026r1=1968\u0026r2=1978",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?rev=2011\u0026r1=1968\u0026r2=1978"
},
{
"name": "[oss-security] 20080919 viewvc security flaw?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/19/4"
},
{
"name": "http://viewvc.tigris.org/issues/show_bug.cgi?id=354",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/issues/show_bug.cgi?id=354"
},
{
"name": "[oss-security] 20080920 Re: viewvc security flaw?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/20/1"
},
{
"name": "FEDORA-2008-8270",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01142.html"
},
{
"name": "FEDORA-2008-8252",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01101.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4325",
"datePublished": "2008-09-30T16:00:00.000Z",
"dateReserved": "2008-09-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:06:23.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1290 (GCVE-0-2008-1290)
Vulnerability from cvelistv5 – Published: 2008-03-24 17:00 – Updated: 2024-08-07 08:17
VLAI
Summary
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200803-29.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/29460 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/29176 | third-party-advisoryx_refsource_SECUNIA |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/0734… | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/28055 | vdb-entryx_refsource_BID |
| http://bugs.gentoo.org/show_bug.cgi?id=212288 | x_refsource_CONFIRM |
| http://viewvc.tigris.org/source/browse/viewvc/tru… | x_refsource_CONFIRM |
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:33.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200803-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-29.xml"
},
{
"name": "29460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29460"
},
{
"name": "29176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29176"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380"
},
{
"name": "ADV-2008-0734",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0734/references"
},
{
"name": "28055",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28055"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=212288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ViewVC before 1.0.5 includes \"all-forbidden\" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-20T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200803-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-29.xml"
},
{
"name": "29460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29460"
},
{
"name": "29176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29176"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380"
},
{
"name": "ADV-2008-0734",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0734/references"
},
{
"name": "28055",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28055"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=212288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ViewVC before 1.0.5 includes \"all-forbidden\" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200803-29",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-29.xml"
},
{
"name": "29460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29460"
},
{
"name": "29176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29176"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380"
},
{
"name": "ADV-2008-0734",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0734/references"
},
{
"name": "28055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28055"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=212288",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=212288"
},
{
"name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1290",
"datePublished": "2008-03-24T17:00:00.000Z",
"dateReserved": "2008-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:33.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1292 (GCVE-0-2008-1292)
Vulnerability from cvelistv5 – Published: 2008-03-24 17:00 – Updated: 2024-08-07 08:17
VLAI
Summary
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200803-29.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/29460 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/29176 | third-party-advisoryx_refsource_SECUNIA |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/0734… | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/28055 | vdb-entryx_refsource_BID |
| http://bugs.gentoo.org/show_bug.cgi?id=212288 | x_refsource_CONFIRM |
| http://viewvc.tigris.org/source/browse/viewvc/tru… | x_refsource_CONFIRM |
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200803-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-29.xml"
},
{
"name": "29460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29460"
},
{
"name": "29176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29176"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380"
},
{
"name": "ADV-2008-0734",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0734/references"
},
{
"name": "28055",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28055"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=212288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-20T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200803-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-29.xml"
},
{
"name": "29460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29460"
},
{
"name": "29176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29176"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380"
},
{
"name": "ADV-2008-0734",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0734/references"
},
{
"name": "28055",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28055"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=212288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200803-29",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-29.xml"
},
{
"name": "29460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29460"
},
{
"name": "29176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29176"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380"
},
{
"name": "ADV-2008-0734",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0734/references"
},
{
"name": "28055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28055"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=212288",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=212288"
},
{
"name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1292",
"datePublished": "2008-03-24T17:00:00.000Z",
"dateReserved": "2008-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1291 (GCVE-0-2008-1291)
Vulnerability from cvelistv5 – Published: 2008-03-24 17:00 – Updated: 2024-08-07 08:17
VLAI
Summary
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200803-29.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/29460 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/29176 | third-party-advisoryx_refsource_SECUNIA |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/0734… | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/28055 | vdb-entryx_refsource_BID |
| http://bugs.gentoo.org/show_bug.cgi?id=212288 | x_refsource_CONFIRM |
| http://viewvc.tigris.org/source/browse/viewvc/tru… | x_refsource_CONFIRM |
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:33.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200803-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-29.xml"
},
{
"name": "29460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29460"
},
{
"name": "29176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29176"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380"
},
{
"name": "ADV-2008-0734",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0734/references"
},
{
"name": "28055",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28055"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=212288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-20T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200803-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-29.xml"
},
{
"name": "29460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29460"
},
{
"name": "29176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29176"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380"
},
{
"name": "ADV-2008-0734",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0734/references"
},
{
"name": "28055",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28055"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=212288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200803-29",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-29.xml"
},
{
"name": "29460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29460"
},
{
"name": "29176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29176"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380"
},
{
"name": "ADV-2008-0734",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0734/references"
},
{
"name": "28055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28055"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=212288",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=212288"
},
{
"name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1291",
"datePublished": "2008-03-24T17:00:00.000Z",
"dateReserved": "2008-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:33.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5442 (GCVE-0-2006-5442)
Vulnerability from cvelistv5 – Published: 2006-10-21 00:00 – Updated: 2024-08-07 19:48
VLAI
Summary
ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/448762/100… | mailing-listx_refsource_BUGTRAQ |
| http://viewvc.tigris.org/servlets/ReadMsg?list=an… | mailing-listx_refsource_MLIST |
| http://www.hardened-php.net/advisory_102006.134.html | x_refsource_MISC |
| http://securityreason.com/securityalert/1755 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/22395 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://viewvc.tigris.org/source/browse/viewvc/tru… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/20543 | vdb-entryx_refsource_BID |
Date Public
2006-10-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:30.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061015 Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448762/100/0/threaded"
},
{
"name": "[announce] 20061013 ViewVC 1.0.3 released [SECURITY FIXES]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://viewvc.tigris.org/servlets/ReadMsg?list=announce\u0026msgNo=5\u0026raw=true"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory_102006.134.html"
},
{
"name": "1755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1755"
},
{
"name": "22395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22395"
},
{
"name": "viewvc-utf7-xss(29576)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29576"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD"
},
{
"name": "20543",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20543"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061015 Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448762/100/0/threaded"
},
{
"name": "[announce] 20061013 ViewVC 1.0.3 released [SECURITY FIXES]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://viewvc.tigris.org/servlets/ReadMsg?list=announce\u0026msgNo=5\u0026raw=true"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory_102006.134.html"
},
{
"name": "1755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1755"
},
{
"name": "22395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22395"
},
{
"name": "viewvc-utf7-xss(29576)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29576"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD"
},
{
"name": "20543",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20543"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061015 Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448762/100/0/threaded"
},
{
"name": "[announce] 20061013 ViewVC 1.0.3 released [SECURITY FIXES]",
"refsource": "MLIST",
"url": "http://viewvc.tigris.org/servlets/ReadMsg?list=announce\u0026msgNo=5\u0026raw=true"
},
{
"name": "http://www.hardened-php.net/advisory_102006.134.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_102006.134.html"
},
{
"name": "1755",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1755"
},
{
"name": "22395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22395"
},
{
"name": "viewvc-utf7-xss(29576)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29576"
},
{
"name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD"
},
{
"name": "20543",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20543"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5442",
"datePublished": "2006-10-21T00:00:00.000Z",
"dateReserved": "2006-10-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:48:30.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}