Lucene search

MitreCVE-2010-2276

HistoryJun 15, 2010 - 2:30 p.m.

CVE-2010-2276

2010-06-1514:30:01

CWE-16

mitre

web.nvd.nist.gov

103

dojo

cve-2010-2276

build process

security vulnerability

remote attack

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

0.02

Percentile

89.1%

JSON

The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.

Affected configurations

Nvd

Node

dojotoolkitdojoMatch0.4.0

dojotoolkitdojoMatch0.4.1

dojotoolkitdojoMatch0.4.2

dojotoolkitdojoMatch0.4.3

dojotoolkitdojoMatch1.0

dojotoolkitdojoMatch1.0.1

dojotoolkitdojoMatch1.0.2

dojotoolkitdojoMatch1.1

dojotoolkitdojoMatch1.1.1

dojotoolkitdojoMatch1.2

dojotoolkitdojoMatch1.2.1

dojotoolkitdojoMatch1.2.2

dojotoolkitdojoMatch1.2.3

dojotoolkitdojoMatch1.3

dojotoolkitdojoMatch1.3.1

dojotoolkitdojoMatch1.3.2

dojotoolkitdojoMatch1.4

dojotoolkitdojoMatch1.4.1

VendorProductVersionCPE
dojotoolkitdojo0.4.0cpe:2.3:a:dojotoolkit:dojo:0.4.0:*:*:*:*:*:*:*
dojotoolkitdojo0.4.1cpe:2.3:a:dojotoolkit:dojo:0.4.1:*:*:*:*:*:*:*
dojotoolkitdojo0.4.2cpe:2.3:a:dojotoolkit:dojo:0.4.2:*:*:*:*:*:*:*
dojotoolkitdojo0.4.3cpe:2.3:a:dojotoolkit:dojo:0.4.3:*:*:*:*:*:*:*
dojotoolkitdojo1.0cpe:2.3:a:dojotoolkit:dojo:1.0:*:*:*:*:*:*:*
dojotoolkitdojo1.0.1cpe:2.3:a:dojotoolkit:dojo:1.0.1:*:*:*:*:*:*:*
dojotoolkitdojo1.0.2cpe:2.3:a:dojotoolkit:dojo:1.0.2:*:*:*:*:*:*:*
dojotoolkitdojo1.1cpe:2.3:a:dojotoolkit:dojo:1.1:*:*:*:*:*:*:*
dojotoolkitdojo1.1.1cpe:2.3:a:dojotoolkit:dojo:1.1.1:*:*:*:*:*:*:*
dojotoolkitdojo1.2cpe:2.3:a:dojotoolkit:dojo:1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dojotoolkit	dojo	0.4.0	cpe:2.3:a:dojotoolkit:dojo:0.4.0:::::::*
dojotoolkit	dojo	0.4.1	cpe:2.3:a:dojotoolkit:dojo:0.4.1:::::::*
dojotoolkit	dojo	0.4.2	cpe:2.3:a:dojotoolkit:dojo:0.4.2:::::::*
dojotoolkit	dojo	0.4.3	cpe:2.3:a:dojotoolkit:dojo:0.4.3:::::::*
dojotoolkit	dojo	1.0	cpe:2.3:a:dojotoolkit:dojo:1.0:::::::*
dojotoolkit	dojo	1.0.1	cpe:2.3:a:dojotoolkit:dojo:1.0.1:::::::*
dojotoolkit	dojo	1.0.2	cpe:2.3:a:dojotoolkit:dojo:1.0.2:::::::*
dojotoolkit	dojo	1.1	cpe:2.3:a:dojotoolkit:dojo:1.1:::::::*
dojotoolkit	dojo	1.1.1	cpe:2.3:a:dojotoolkit:dojo:1.1.1:::::::*
dojotoolkit	dojo	1.2	cpe:2.3:a:dojotoolkit:dojo:1.2:::::::*

Rows per page:

1-10 of 181

References

dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/

secunia.com/advisories/38964

secunia.com/advisories/40007

www-01.ibm.com/support/docview.wss?uid=swg21431472

www-1.ibm.com/support/docview.wss?uid=swg1LO50833

www-1.ibm.com/support/docview.wss?uid=swg1LO50849

www-1.ibm.com/support/docview.wss?uid=swg1LO50856

www-1.ibm.com/support/docview.wss?uid=swg1LO50896

www-1.ibm.com/support/docview.wss?uid=swg1LO50932

www-1.ibm.com/support/docview.wss?uid=swg1LO50958

www-1.ibm.com/support/docview.wss?uid=swg1LO50994

www.vupen.com/english/advisories/2010/1281

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

0.02

Percentile

89.1%

JSON

Related for CVE-2010-2276