Vulnerability CVE-2010-2276


Published: 2010-06-15   Modified: 2012-02-13

Description:
The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.

Type: CWE-16 (Configuration)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Dojotoolkit -> DOJO 

 References:
http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
http://www.vupen.com/english/advisories/2010/1281
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
http://www-01.ibm.com/support/docview.wss?uid=swg21431472
http://secunia.com/advisories/40007
http://secunia.com/advisories/38964
