Vulnerability Description
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gentoo | Linux | All versions |
| Redhat | Fedora | 7 |
| Viewvc | Viewvc | 1.0.2 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380
- http://bugs.gentoo.org/show_bug.cgi?id=212288
- http://secunia.com/advisories/29176Vendor Advisory
- http://secunia.com/advisories/29460Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200803-29.xml
- http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
- http://www.securityfocus.com/bid/28055Patch
- http://www.vupen.com/english/advisories/2008/0734/references
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380
- http://bugs.gentoo.org/show_bug.cgi?id=212288
- http://secunia.com/advisories/29176Vendor Advisory
- http://secunia.com/advisories/29460Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200803-29.xml
- http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
- http://www.securityfocus.com/bid/28055Patch
FAQ
What is CVE-2008-1291?
CVE-2008-1291 is a vulnerability with a CVSS score of 4.3 (MEDIUM). ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
How severe is CVE-2008-1291?
CVE-2008-1291 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1291?
Check the references section above for vendor advisories and patch information. Affected products include: Gentoo Linux, Redhat Fedora, Viewvc Viewvc.