CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2010-0005
https://notcve.org/view.php?id=CVE-2010-0005
query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query. query.py en el interfaz de consultas en ViewVC anterior a v 1.1.3., no rechaza las configuraciones que especifican un autorizador no soportado para root, lo que podría pertmitir a atacantes remotos evitar las restricciones de acceso establecidas a través de una consulta. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300 http://www.openwall.com/lists/oss-security/2010/01/11/2 http://www.openwall.com/lists/oss-security/2010/01/13/5 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html https://www.redhat.com/archives/fedora-package-announce/ • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2010-0004
https://notcve.org/view.php?id=CVE-2010-0004
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view. ViewVc anterior a v1.1.3, compone la vista del listado root sin emplear la autorización para cada root, lo que podría permitir a atcantes remotos descubrir los nombres privados de root leyendo esta vista. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222 http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300 http://www.openwall.com/lists/oss-security/2010/01/11/2 http://www.openwall.com/lists/oss-security/2010/01/13/5 http://www.openwall • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •