Published: 24/03/2008 Updated: 20/08/2009

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

ViewVC prior to 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote malicious users to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
viewvc viewvc 1.0.3
viewvc viewvc 1.0.2

Debian Bug report logs - #471380 viewvc: Multiple security issues Package: viewvc; Maintainer for viewvc is Lev Lamberov <dogsleg@debianorg>; Source for viewvc is src:viewvc (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Mon, 17 Mar 2008 20:54:02 UTC Severity: grave Tags: patch, securi ...

CWE-200 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 http://bugs.gentoo.org/show_bug.cgi?id=212288 http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD http://security.gentoo.org/glsa/glsa-200803-29.xml http://www.securityfocus.com/bid/28055 http://secunia.com/advisories/29176 http://secunia.com/advisories/29460 http://www.vupen.com/english/advisories/2008/0734/references https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-1292

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect