Lucene search

K

[email protected]NVD:CVE-2008-1292

HistoryMar 24, 2008 - 5:44 p.m.

CVE-2008-1292

2008-03-2417:44:00

CWE-200

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.5%

ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.

Affected configurations

NVD

Node

gentoolinux

OR

redhatfedoraMatch7

OR

redhatfedoraMatch8

AND

viewvcviewvcMatch1.0.2

OR

viewvcviewvcMatch1.0.3

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380

bugs.gentoo.org/show_bug.cgi?id=212288

secunia.com/advisories/29176

secunia.com/advisories/29460

security.gentoo.org/glsa/glsa-200803-29.xml

viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD

www.securityfocus.com/bid/28055

www.vupen.com/english/advisories/2008/0734/references

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.5%

Related for NVD:CVE-2008-1292

debiancve1 prion1 redhatcve1 cvelist1 cve1 ubuntucve1 nessus4 gentoo1 securityvulns2 openvas3 suse1