Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ViewVC < 1.1.3 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is vulnerable to multiple attack vectors.

Description

The remote web server is running ViewVC, a web-based interface for CVS and Subversion. The installed version of ViewVC is earlier than 1.1.3. Such versions are potentially affected by multiple issues :

- A security vulnerability that involves root listing support of per-root authorization configuration.

- A security vulnerability in the 'query.py' involving the 'forbidden' authorizer.

Solution

Upgrade to ViewVC 1.1.3 or later.