4.3

CVE-2008-1290

ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ViewvcViewvc Version1.0.2
   GentooLinux
   RedhatFedora Version7
   RedhatFedora Version8
ViewvcViewvc Version1.0.3
   GentooLinux
   RedhatFedora Version7
   RedhatFedora Version8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.37% 0.683
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380
http://bugs.gentoo.org/show_bug.cgi?id=212288
http://secunia.com/advisories/29176
Vendor Advisory
http://secunia.com/advisories/29460
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200803-29.xml
http://www.securityfocus.com/bid/28055
Patch
http://www.vupen.com/english/advisories/2008/0734/references