Viewvc : Security Vulnerabilities, CVEs, Published In 2008

CVE-2008-4325

lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE: this issue might not be a vulnerability, since it requires attacker access to the repository that is being viewed.
Max CVSS
5.8
EPSS Score
0.95%
Published
2008-09-30
Updated
2010-08-30

CVE-2008-1292

ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.
Max CVSS
4.3
EPSS Score
0.69%
Published
2008-03-24
Updated
2009-08-20

CVE-2008-1291

ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
Max CVSS
4.3
EPSS Score
0.55%
Published
2008-03-24
Updated
2009-08-20

CVE-2008-1290

ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
Max CVSS
4.3
EPSS Score
0.69%
Published
2008-03-24
Updated
2009-08-20
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close