ViewVC prior to 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote malicious users to discover private root names by reading this view.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
viewvc viewvc 1.0.2 |
||
viewvc viewvc 1.0.1 |
||
viewvc viewvc 1.0.5 |
||
viewvc viewvc 1.1.2 |
||
viewvc viewvc 1.1.0 |
||
viewvc viewvc 1.1.1 |
||
viewvc viewvc 1.0.3 |
||
viewvc viewvc 1.0.4 |
||
viewvc viewvc 1.0.6 |
||
viewvc viewvc 1.0.8 |
||
viewvc viewvc 1.0.7 |