Published: 24/03/2008 Updated: 20/08/2009

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

ViewVC prior to 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote malicious users to obtain sensitive information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
viewvc viewvc 1.0.2
viewvc viewvc 1.0.3

Debian Bug report logs - #471380 viewvc: Multiple security issues Package: viewvc; Maintainer for viewvc is Lev Lamberov <dogsleg@debianorg>; Source for viewvc is src:viewvc (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Mon, 17 Mar 2008 20:54:02 UTC Severity: grave Tags: patch, securi ...

CWE-200 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 http://bugs.gentoo.org/show_bug.cgi?id=212288 http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD http://security.gentoo.org/glsa/glsa-200803-29.xml http://www.securityfocus.com/bid/28055 http://secunia.com/advisories/29176 http://secunia.com/advisories/29460 http://www.vupen.com/english/advisories/2008/0734/references https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-1290

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect