CVE-2008-1291

ViewVC - Exposure of Sensitive Information via CVSROOT Folder

Title source: llm
STIX 2.1

Description

ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.

References (8)

Core 8
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200803-29.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29460
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29176
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0734/references
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28055
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=212288

Scores

EPSS 0.0137
EPSS Percentile 68.7%

Details

CWE
CWE-200
Status published
Products (2)
viewvc/viewvc 1.0.2
viewvc/viewvc 1.0.3
Published Mar 24, 2008
Tracked Since Feb 18, 2026