10

CVE-2010-2276

The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DojotoolkitDojo Version0.4.0
DojotoolkitDojo Version0.4.1
DojotoolkitDojo Version0.4.2
DojotoolkitDojo Version0.4.3
DojotoolkitDojo Version1.0
DojotoolkitDojo Version1.0.1
DojotoolkitDojo Version1.0.2
DojotoolkitDojo Version1.1
DojotoolkitDojo Version1.1.1
DojotoolkitDojo Version1.2
DojotoolkitDojo Version1.2.1
DojotoolkitDojo Version1.2.2
DojotoolkitDojo Version1.2.3
DojotoolkitDojo Version1.3
DojotoolkitDojo Version1.3.1
DojotoolkitDojo Version1.3.2
DojotoolkitDojo Version1.4
DojotoolkitDojo Version1.4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.15% 0.863
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
Patch
Vendor Advisory
http://secunia.com/advisories/38964
Vendor Advisory
http://secunia.com/advisories/40007
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21431472
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
http://www.vupen.com/english/advisories/2010/1281
Vendor Advisory