Lumension® Endpoint Intelligence Center


Vulnerability Score 3.5
CVE Id CVE-2007-4888
Last Modified 15 Nov 2008 01:58:56
Published 13 Sep 2007 08:17:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE



The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable.

Vulnerable Systems


  • XWiki 1.0 B1

  • XWiki 1.0 B2


OSVDB - 40499


Last Updated: 27 May 2016 10:45:58