Vulnerability Description
lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE: this issue might not be a vulnerability, since it requires attacker access to the repository that is being viewed.
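The pattern described above, next to one way to close it, as an added example. This is not ViewVC's code or its actual patch; the function names, the allowlist and the sample request are assumptions made for illustration.

```python
import mimetypes

# Overrides that are safe to honour for any object (constructed allowlist, an assumption).
SAFE_OVERRIDES = {"text/plain", "application/octet-stream"}


def reflected_headers(path, query):
    """Pattern from the description: the request parameter becomes the header."""
    guessed = mimetypes.guess_type(path)[0] or "text/plain"
    return [("Content-Type", query.get("content-type") or guessed)]


def _normalize(value):
    """Lowercase the media type and drop parameters such as charset."""
    if not value:
        return None
    return value.split(";", 1)[0].strip().lower()


def hardened_headers(path, query):
    """Derive the type server-side; honour the parameter only when consistent."""
    server_type = mimetypes.guess_type(path)[0] or "application/octet-stream"
    requested = _normalize(query.get("content-type"))
    if requested == server_type or requested in SAFE_OVERRIDES:
        # The normalized value is emitted, never the raw request string.
        ctype = requested
    else:
        # Inconsistent with the requested object: ignore the parameter.
        ctype = server_type
    return [("Content-Type", ctype), ("X-Content-Type-Options", "nosniff")]


if __name__ == "__main__":
    # Constructed request: a text file asked for with a mismatched type.
    query = {"content-type": "text/html"}
    print(reflected_headers("notes.txt", query))
    print(hardened_headers("notes.txt", query))
```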
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Viewvc | Viewvc | 1.0.5 |
References
- http://viewvc.tigris.org/issues/show_bug.cgi?id=354 (Patch)
- http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?rev=2011&r1=19
- http://viewvc.tigris.org/source/browse/viewvc?rev=1978&view=rev
- http://www.openwall.com/lists/oss-security/2008/09/19/4
- http://www.openwall.com/lists/oss-security/2008/09/20/1
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01101.
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01142.
FAQ
What is CVE-2008-4325?
CVE-2008-4325 is a vulnerability with a CVSS score of 5.8 (MEDIUM). lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted ...
How severe is CVE-2008-4325?
CVE-2008-4325 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4325?
Check the references section above for vendor advisories and patch information. Affected products include: Viewvc Viewvc.