Mandriva Linux Security Advisory : viewvc (MDVSA-2013:134)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Updated viewvc packages fix security vulnerabilities :

complete authz support for remote SVN views (CVE-2012-3356).

log msg leak in SVN revision view with unreadable copy source

function name lines returned by diff are not properly escaped,
allowing attackers with commit access to perform cross site scripting

Several other bugs were fixed as well.

Solution :

Update the affected viewvc package.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 66146 ()

Bugtraq ID: 54197

CVE ID: CVE-2012-3356

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now