CVE-2008-1291
ViewVC - Exposure of Sensitive Information via CVSROOT Folder
Title source: llmDescription
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
References (8)
Core 8
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200803-29.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29460
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29176
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0734/references
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28055
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=212288
Various Sources x_refsource_confirm
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
Scores
EPSS
0.0137
EPSS Percentile
68.7%
Details
CWE
CWE-200
Status
published
Products (2)
viewvc/viewvc
1.0.2
viewvc/viewvc
1.0.3
Published
Mar 24, 2008
Tracked Since
Feb 18, 2026