Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2008-1292
Last Modified 20 Aug 2009 01:14:20
Published 24 Mar 2008 01:44:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1292

Summary

ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.

Vulnerable Systems

Application

  • Viewvc 1.0.2

  • Viewvc 1.0.3


References

BID - 28055

VUPEN - ADV-2008-0734

CONFIRM - http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD

GENTOO - GLSA-200803-29

SECUNIA - 29460

SECUNIA - 29176

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=212288

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380


Last Updated: 27 May 2016 10:47:06