Vulnerability Details : CVE-2008-1291
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2008-1291
Probability of exploitation activity in the next 30 days: 0.51%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-1291
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
[email protected] |
CWE ids for CVE-2008-1291
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: [email protected] (Primary)
References for CVE-2008-1291
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380
- http://www.vupen.com/english/advisories/2008/0734/references
- http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
- http://security.gentoo.org/glsa/glsa-200803-29.xml
- http://bugs.gentoo.org/show_bug.cgi?id=212288
- http://www.securityfocus.com/bid/28055
Products affected by CVE-2008-1291
- cpe:2.3:a:viewvc:viewvc:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:viewvc:viewvc:1.0.2:*:*:*:*:*:*:*