CVE Vulnerability

CVE-2008-1291

ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380
http://bugs.gentoo.org/show_bug.cgi?id=212288
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
http://security.gentoo.org/glsa/glsa-200803-29.xml
http://www.securityfocus.com/bid/28055 Patch
http://secunia.com/advisories/29176 Vendor Advisory
http://secunia.com/advisories/29460 Vendor Advisory
http://www.vupen.com/english/advisories/2008/0734/references
Configurations

Configuration 1
Information

Published : 2008-03-24 05:44

Updated : 2009-08-20 05:14

NVD link : CVE-2008-1291

Mitre link : CVE-2008-1291

Products Affected
No products.
CWE
CWE-200