CVE-2010-2276

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2010-2276
The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
http://www-01.ibm.com/support/docview.wss?uid=swg21431472
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ Patch Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
http://secunia.com/advisories/38964 Vendor Advisory
http://secunia.com/advisories/40007 Vendor Advisory
http://www.vupen.com/english/advisories/2010/1281 Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dojotoolkit:dojo:1.2:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:1.3:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:1.0:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:1.1:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:dojotoolkit:dojo:1.4:*:*:*:*:*:*:*
Information

Published : 2010-06-15 07:30

Updated : 2010-06-16 07:03

NVD link : CVE-2010-2276

Mitre link : CVE-2010-2276

JSON object : View

CWE
CWE-16

Configuration

Advertisement

dedicated server usa
Products Affected

dojotoolkit

  • dojo