Lucene search

[email protected]CVE-2008-1291

HistoryMar 24, 2008 - 5:44 p.m.

CVE-2008-1291

2008-03-2417:44:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2008-1291

viewvc

access control

sensitive information

web security

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.7%

JSON

ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.

Affected configurations

NVD

Node

gentoolinux

redhatfedoraMatch7

redhatfedoraMatch8

AND

viewvcviewvcMatch1.0.2

viewvcviewvcMatch1.0.3

CPENameOperatorVersion
viewvc:viewvcviewvceq1.0.2
viewvc:viewvcviewvceq1.0.3

CPE	Name	Operator	Version
viewvc:viewvc	viewvc	eq	1.0.2
viewvc:viewvc	viewvc	eq	1.0.3

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380

bugs.gentoo.org/show_bug.cgi?id=212288

secunia.com/advisories/29176

secunia.com/advisories/29460

security.gentoo.org/glsa/glsa-200803-29.xml

viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD

www.securityfocus.com/bid/28055

www.vupen.com/english/advisories/2008/0734/references

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.7%

JSON

Related for CVE-2008-1291

cvelist1 debiancve1 nvd1 redhatcve1 nessus5 ubuntucve1 prion1 securityvulns2 openvas3 gentoo1 suse1