CVE-2012-3357

Name of the Vulnerable Software and Affected Versions ViewVC versions prior to 1.1.15

Description The issue concerns multiple vulnerabilities in the ViewVC package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality of protected information. Specifically, the SVN revision view in ViewVC does not properly handle log messages when a readable path is copied from an unreadable path, allowing remote attackers to obtain sensitive information, related to a "log msg leak."

Recommendations For versions prior to 1.1.15, update to version 1.1.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the SVN revision view functionality until a patch is available.