icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

ViewVC < 1.1.3 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is vulnerable to multiple attack vectors.

Description

The remote web server is running ViewVC, a web-based interface for CVS and Subversion. The installed version of ViewVC is earlier than 1.1.3. Such versions are potentially affected by multiple issues :

- A security vulnerability that involves root listing support of per-root authorization configuration.

- A security vulnerability in the 'query.py' involving the 'forbidden' authorizer.

Solution

Upgrade to ViewVC 1.1.3 or later.