Lucene search

MitreCVELIST:CVE-2008-1475

HistoryMar 24, 2008 - 10:00 p.m.

CVE-2008-1475

2008-03-2422:00:00

mitre

www.cve.org

AI Score

6.1

Confidence

Low

EPSS

0.01

Percentile

83.8%

JSON

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.

References

secunia.com/advisories/29336

secunia.com/advisories/29375

secunia.com/advisories/30274

secunia.com/advisories/32805

security.gentoo.org/glsa/glsa-200805-21.xml

sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788

www.securityfocus.com/bid/28238

www.vupen.com/english/advisories/2008/0891

bugzilla.redhat.com/show_bug.cgi?id=436546

exchange.xforce.ibmcloud.com/vulnerabilities/41240

www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html

www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html

www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html

www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html