Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-3356
Last Modified: 11 Feb 2014 11:37:45
Published: 22 Jul 2012 12:55:39
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-3356

Summary

The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Vulnerable Systems

Application

  • Viewvc 0.8

  • Viewvc 0.9

  • Viewvc 0.9.1

  • Viewvc 0.9.2

  • Viewvc 0.9.3

  • Viewvc 0.9.4

  • Viewvc 1.0.0

  • Viewvc 1.0.1

  • Viewvc 1.0.10

  • Viewvc 1.0.11

  • Viewvc 1.0.2

  • Viewvc 1.0.3

  • Viewvc 1.0.4

  • Viewvc 1.0.5

  • Viewvc 1.0.6

  • Viewvc 1.0.7

  • Viewvc 1.0.8

  • Viewvc 1.0.9

  • Viewvc 1.1.0

  • Viewvc 1.1.1

  • Viewvc 1.1.10

  • Viewvc 1.1.11

  • Viewvc 1.1.12

  • Viewvc 1.1.13

  • Viewvc 1.1.14

  • Viewvc 1.1.2

  • Viewvc 1.1.3

  • Viewvc 1.1.4

  • Viewvc 1.1.5

  • Viewvc 1.1.6

  • Viewvc 1.1.7

  • Viewvc 1.1.8

  • Viewvc 1.1.9


References

SUSE - openSUSE-SU-2012:0831

XF - viewvc-svnra-security-bypass(76614)

BID - 54197

MLIST - [oss-security] 20120625 Re: CVE Request: viewvc

CONFIRM - http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760

CONFIRM - http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759

CONFIRM - http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757

CONFIRM - http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756

CONFIRM - http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755

CONFIRM - http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.15/CHANGES

CONFIRM - http://viewvc.tigris.org/issues/show_bug.cgi?id=353

OSVDB - 83225

DEBIAN - DSA-2563

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175

MANDRIVA - MDVSA-2013:134


Last Updated: 27 May 2016 10:53:33