Published: 24/03/2008 Updated: 20/08/2009

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

ViewVC prior to 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to read files and list folders under the hidden CVSROOT folder.

Vulnerable Product	Search on Vulmon	Subscribe to Product
viewvc viewvc 1.0.2
viewvc viewvc 1.0.3

Debian Bug report logs - #471380 viewvc: Multiple security issues Package: viewvc; Maintainer for viewvc is Lev Lamberov <dogsleg@debianorg>; Source for viewvc is src:viewvc (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Mon, 17 Mar 2008 20:54:02 UTC Severity: grave Tags: patch, securi ...

CWE-200 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 http://bugs.gentoo.org/show_bug.cgi?id=212288 http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD http://security.gentoo.org/glsa/glsa-200803-29.xml http://www.securityfocus.com/bid/28055 http://secunia.com/advisories/29176 http://secunia.com/advisories/29460 http://www.vupen.com/english/advisories/2008/0734/references https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-1291

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect