4.3

CVE-2008-1292

ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ViewvcViewvc Version1.0.2
   GentooLinux
   RedhatFedora Version7
   RedhatFedora Version8
ViewvcViewvc Version1.0.3
   GentooLinux
   RedhatFedora Version7
   RedhatFedora Version8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.37% 0.683
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380
http://bugs.gentoo.org/show_bug.cgi?id=212288
http://secunia.com/advisories/29176
Vendor Advisory
http://secunia.com/advisories/29460
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200803-29.xml
http://www.securityfocus.com/bid/28055
Patch
http://www.vupen.com/english/advisories/2008/0734/references