CVE Vulnerability

CVE-2008-1292

ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380
http://bugs.gentoo.org/show_bug.cgi?id=212288
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
http://security.gentoo.org/glsa/glsa-200803-29.xml
http://www.securityfocus.com/bid/28055 Patch
http://secunia.com/advisories/29176 Vendor Advisory
http://secunia.com/advisories/29460 Vendor Advisory
http://www.vupen.com/english/advisories/2008/0734/references
Configurations

Configuration 1
Information

Published : 2008-03-24 05:44

Updated : 2009-08-20 05:14

NVD link : CVE-2008-1292

Mitre link : CVE-2008-1292

Products Affected
No products.
CWE
CWE-200