Vulnerability CVE-2010-0132

Vulnerability Name:

CVE-2010-0132 (CCN-57402)

Assigned:

2010-03-30

Published:

2010-03-30

Updated:

2018-10-10

Summary:

Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.2 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-79

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-0132

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-5507

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-5524

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-5805

Source: SUSE
Type: UNKNOWN
SUSE-SR:2010:009

Source: CCN
Type: SA38918
ViewVC Regular Expression Search Cross-Site Scripting Vulnerability

Source: SECUNIA
Type: Vendor Advisory
38918

Source: CCN
Type: Secunia Research 30/03/2010
ViewVC Regular Expression Search Cross-Site Scripting

Source: MISC
Type: Vendor Advisory
http://secunia.com/secunia_research/2010-26/

Source: CONFIRM
Type: UNKNOWN
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2342&r2=2359&pathrev=HEAD

Source: BUGTRAQ
Type: UNKNOWN
20100330 Secunia Research: ViewVC Regular Expression Search Cross-Site Scripting

Source: CCN
Type: BID-39053
ViewVC Regular Expression Search Cross Site Scripting Vulnerability

Source: CCN
Type: ViewVC Web site
ViewVC: Repository Browsing

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2010-0743

Source: VUPEN
Type: UNKNOWN
ADV-2010-0844

Source: XF
Type: UNKNOWN
vcview-res-xss(57402)

Source: SUSE
Type: SUSE-SR:2010:009
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:viewvc:viewvc:1.0.0:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.0.9:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.0.10:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.1.0:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.1.4:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:viewvc:viewvc:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:viewvc:viewvc:1.0.10:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20100132	V	CVE-2010-0132	2015-11-16
oval:com.ubuntu.precise:def:20100132000	V	CVE-2010-0132 on Ubuntu 12.04 LTS (precise) - medium.	2010-03-31

BACK