Vulnerability Details : CVE-2009-3619
Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."
Products affected by CVE-2009-3619
- cpe:2.3:a:viewvc:viewvc:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:viewvc:viewvc:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:viewvc:viewvc:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:viewvc:viewvc:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:viewvc:viewvc:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:viewvc:viewvc:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:viewvc:viewvc:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:viewvc:viewvc:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:viewvc:viewvc:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:viewvc:viewvc:1.0.8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-3619
0.52%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-3619
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2009-3619
-
http://www.vupen.com/english/advisories/2009/2257
Site en constructionPatch;Vendor Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00566.html
[SECURITY] Fedora 11 Update: viewvc-1.1.2-2.fc11
-
http://www.openwall.com/lists/oss-security/2009/10/16/10
oss-security - Re: viewvc: CVE request: XSS and illegal characters while printing name-value pairs
-
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00557.html
[SECURITY] Fedora 10 Update: viewvc-1.0.9-1.fc10
-
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:017 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.2/CHANGES?revision=2235&pathrev=HEAD
Jump to