ViewVC < 1.1.3 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 5288
SynopsisThe remote web server is vulnerable to multiple attack vectors.
DescriptionThe remote web server is running ViewVC, a web-based interface for CVS and Subversion. The installed version of ViewVC is earlier than 1.1.3. Such versions are potentially affected by multiple issues :
- A security vulnerability that involves root listing support of per-root authorization configuration.
- A security vulnerability in the 'query.py' involving the 'forbidden' authorizer.
SolutionUpgrade to ViewVC 1.1.3 or later.