5

CVE-2012-3356

The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ViewvcViewvc Version <= 1.1.14
ViewvcViewvc Version0.8
ViewvcViewvc Version0.9
ViewvcViewvc Version0.9.1
ViewvcViewvc Version0.9.2
ViewvcViewvc Version0.9.3
ViewvcViewvc Version0.9.4
ViewvcViewvc Version1.0.0
ViewvcViewvc Version1.0.1
ViewvcViewvc Version1.0.2
ViewvcViewvc Version1.0.3
ViewvcViewvc Version1.0.4
ViewvcViewvc Version1.0.5
ViewvcViewvc Version1.0.6
ViewvcViewvc Version1.0.7
ViewvcViewvc Version1.0.8
ViewvcViewvc Version1.0.9
ViewvcViewvc Version1.0.10
ViewvcViewvc Version1.0.11
ViewvcViewvc Version1.1.0
ViewvcViewvc Version1.1.1
ViewvcViewvc Version1.1.2
ViewvcViewvc Version1.1.3
ViewvcViewvc Version1.1.4
ViewvcViewvc Version1.1.5
ViewvcViewvc Version1.1.6
ViewvcViewvc Version1.1.7
ViewvcViewvc Version1.1.8
ViewvcViewvc Version1.1.9
ViewvcViewvc Version1.1.10
ViewvcViewvc Version1.1.11
ViewvcViewvc Version1.1.12
ViewvcViewvc Version1.1.13
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.03% 0.785
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.debian.org/security/2012/dsa-2563
http://osvdb.org/83225
http://viewvc.tigris.org/issues/show_bug.cgi?id=353
http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.15/CHANGES
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760
http://www.mandriva.com/security/advisories?name=MDVSA-2013:134
http://www.openwall.com/lists/oss-security/2012/06/25/8
http://www.securityfocus.com/bid/54197
https://exchange.xforce.ibmcloud.com/vulnerabilities/76614
https://lwn.net/Articles/505096/
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175