Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3357

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-3357
Last Modified 11 Feb 2014 11:37:47
Published 22 Jul 2012 12:55:39
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3357

Summary

The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."

Vulnerable Systems

Application

  • Viewvc 0.8

  • Viewvc 0.9

  • Viewvc 0.9.1

  • Viewvc 0.9.2

  • Viewvc 0.9.3

  • Viewvc 0.9.4

  • Viewvc 1.0.0

  • Viewvc 1.0.1

  • Viewvc 1.0.10

  • Viewvc 1.0.11

  • Viewvc 1.0.2

  • Viewvc 1.0.3

  • Viewvc 1.0.4

  • Viewvc 1.0.5

  • Viewvc 1.0.6

  • Viewvc 1.0.7

  • Viewvc 1.0.8

  • Viewvc 1.0.9

  • Viewvc 1.1.0

  • Viewvc 1.1.1

  • Viewvc 1.1.10

  • Viewvc 1.1.11

  • Viewvc 1.1.12

  • Viewvc 1.1.13

  • Viewvc 1.1.14

  • Viewvc 1.1.2

  • Viewvc 1.1.3

  • Viewvc 1.1.4

  • Viewvc 1.1.5

  • Viewvc 1.1.6

  • Viewvc 1.1.7

  • Viewvc 1.1.8

  • Viewvc 1.1.9


References

SUSE - openSUSE-SU-2012:0831

XF - viewvc-svnra-info-disclosure(76615)

BID - 54199

MLIST - [oss-security] 20120625 Re: CVE Request: viewvc

CONFIRM - http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758

OSVDB - 83227

DEBIAN - DSA-2563

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175

MANDRIVA - MDVSA-2013:134


Last Updated: 27 May 2016 10:54:56