Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4831


Vulnerability Score 4.3 4.3
CVE Id CVE-2005-4831
Last Modified 05 Sep 2008 04:57:57
Published 31 Dec 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected.

Vulnerable Systems


  • Viewcvs 0.9.2


SECTRACK - 1017704

BID - 12112

BUGTRAQ - 20070226 ViewCVS 0.9.4 issues

FULLDISC - 20050101 Two Vulnerabilities in ViewCVS

Last Updated: 27 May 2016 10:41:27