CVE Vulnerability

CVE-2008-0167

The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.

4.6 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz
http://www.debian.org/security/2008/dsa-1577 Patch
http://www.securityfocus.com/bid/29215
http://secunia.com/advisories/30088 Vendor Advisory
http://secunia.com/advisories/30286 Vendor Advisory
http://www.vupen.com/english/advisories/2008/1537/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42456
Configurations

Configuration 1
Information

Published : 2008-05-18 02:20

Updated : 2017-08-08 01:29

NVD link : CVE-2008-0167

Mitre link : CVE-2008-0167

Products Affected
No products.
CWE
CWE-59