Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2008-1291HistoryMar 24, 2008 - 5:44 p.m.
CVE-2008-1291
2008-03-2417:44:00
Debian Security Bug Tracker
security-tracker.debian.org
17
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.006
Percentile
79.4%
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | viewvc | < 1.0.5-0.1 | viewvc_1.0.5-0.1_all.deb |
Related
cvelist
cvelist
CVE-2008-1291
2008-03-24 17:00:00
nvd
nvd
CVE-2008-1291
2008-03-24 17:44:00
prion
prion
Improper access control
2008-03-24 17:44:00
cve
cve
CVE-2008-1291
2008-03-24 17:44:00
redhatcve
redhatcve
CVE-2008-1291
2019-10-04 21:57:40
ubuntucve
ubuntucve
CVE-2008-1291
2008-03-24 00:00:00
nessus
nessus
ViewVC Direct Request CVSROOT Information Disclosure
2008-05-19 00:00:00
openSUSE Security Update : viewvc (viewvc-48)
2009-07-21 00:00:00
openSUSE 10 Security Update : viewvc (viewvc-5358)
2008-08-01 00:00:00
securityvulns
securityvulns
[ GLSA 200803-29 ] ViewVC: Multiple vulnerabilities
2008-03-20 00:00:00
gentoo
gentoo
ViewVC: Multiple vulnerabilities
2008-03-19 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200803-29 (viewvc)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200803-29 (viewvc)
2008-09-24 00:00:00
SuSE Update for net-snmp SUSE-SA:2008:039
2009-01-23 00:00:00
suse
suse
authentication bypass, denial-of-service in net-snmp
2008-08-01 13:33:56
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.006
Percentile
79.4%
Related for DEBIANCVE:CVE-2008-1291