GoogleOSV:PYSEC-2008-10PYSEC-2008-10
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
References
secunia.com/advisories/29336
secunia.com/advisories/29375
secunia.com/advisories/30274
secunia.com/advisories/32805
security.gentoo.org/glsa/glsa-200805-21.xml
sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
www.securityfocus.com/bid/28238
www.vupen.com/english/advisories/2008/0891
bugzilla.redhat.com/show_bug.cgi?id=436546
exchange.xforce.ibmcloud.com/vulnerabilities/41240
www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html
www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html
Related
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N