CVE-2008-1292
 
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.
ViewVC before 1.0.5 proporciona revisión de metadatos sin comprobar correctamente si el acceso fue intencionado, lo que permite a atacantes remotos obtener información sensible leyendo (1) rutas prohibidas en la vista de revisión, (2)el historial del log que sólo se puede alcanzar saltando un objeto prohibido, o (3)parámetros de ruta de vista diff prohibidos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-03-12 CVE Reserved
- 2008-03-19 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 | X_refsource_confirm | |
http://bugs.gentoo.org/show_bug.cgi?id=212288 | X_refsource_confirm | |
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD | X_refsource_confirm | |
http://www.vupen.com/english/advisories/2008/0734/references | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.securityfocus.com/bid/28055 | 2009-08-20 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/29176 | 2009-08-20 | |
http://secunia.com/advisories/29460 | 2009-08-20 | |
http://security.gentoo.org/glsa/glsa-200803-29.xml | 2009-08-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Viewvc Search vendor "Viewvc" | Viewvc Search vendor "Viewvc" for product "Viewvc" | 1.0.2 Search vendor "Viewvc" for product "Viewvc" and version "1.0.2" | - |
Affected
| in | Gentoo Search vendor "Gentoo" | Linux Search vendor "Gentoo" for product "Linux" | * | - |
Safe
|
Viewvc Search vendor "Viewvc" | Viewvc Search vendor "Viewvc" for product "Viewvc" | 1.0.2 Search vendor "Viewvc" for product "Viewvc" and version "1.0.2" | - |
Affected
| in | Redhat Search vendor "Redhat" | Fedora Search vendor "Redhat" for product "Fedora" | 7 Search vendor "Redhat" for product "Fedora" and version "7" | - |
Safe
|
Viewvc Search vendor "Viewvc" | Viewvc Search vendor "Viewvc" for product "Viewvc" | 1.0.2 Search vendor "Viewvc" for product "Viewvc" and version "1.0.2" | - |
Affected
| in | Redhat Search vendor "Redhat" | Fedora Search vendor "Redhat" for product "Fedora" | 8 Search vendor "Redhat" for product "Fedora" and version "8" | - |
Safe
|
Viewvc Search vendor "Viewvc" | Viewvc Search vendor "Viewvc" for product "Viewvc" | 1.0.3 Search vendor "Viewvc" for product "Viewvc" and version "1.0.3" | - |
Affected
| in | Gentoo Search vendor "Gentoo" | Linux Search vendor "Gentoo" for product "Linux" | * | - |
Safe
|
Viewvc Search vendor "Viewvc" | Viewvc Search vendor "Viewvc" for product "Viewvc" | 1.0.3 Search vendor "Viewvc" for product "Viewvc" and version "1.0.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Fedora Search vendor "Redhat" for product "Fedora" | 7 Search vendor "Redhat" for product "Fedora" and version "7" | - |
Safe
|
Viewvc Search vendor "Viewvc" | Viewvc Search vendor "Viewvc" for product "Viewvc" | 1.0.3 Search vendor "Viewvc" for product "Viewvc" and version "1.0.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Fedora Search vendor "Redhat" for product "Fedora" | 8 Search vendor "Redhat" for product "Fedora" and version "8" | - |
Safe
|