CVE-2008-1292

ViewVC - Exposure of Sensitive Information via Revision Metadata

Title source: llm
STIX 2.1

Description

ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.

References (8)

Core 8
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200803-29.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29460
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29176
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0734/references
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28055
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=212288

Scores

EPSS 0.0137
EPSS Percentile 68.7%

Details

CWE
CWE-200
Status published
Products (2)
viewvc/viewvc 1.0.2
viewvc/viewvc 1.0.3
Published Mar 24, 2008
Tracked Since Feb 18, 2026