CVE-2008-1291

Summary

CVE	CVE-2008-1291
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-03-24 17:44:00 UTC
Updated	2009-08-20 05:14:00 UTC
Description	ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.

Risk And Classification

Problem Types: CWE-200

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Gentoo	Linux	All	All	All	All
Operating System	Gentoo	Linux	All	All	All	All
Operating System	Redhat	Fedora	7	All	All	All
Operating System	Redhat	Fedora	8	All	All	All
Operating System	Redhat	Fedora	7	All	All	All
Operating System	Redhat	Fedora	8	All	All	All
Application	Viewvc	Viewvc	1.0.2	All	All	All
Application	Viewvc	Viewvc	1.0.3	All	All	All
Application	Viewvc	Viewvc	1.0.2	All	All	All
Application	Viewvc	Viewvc	1.0.3	All	All	All

References

Reference	Source	Link	Tags
Gentoo update for viewvc - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
ViewVC Multiple Remote Information Disclosure Vulnerabilities	BID	www.securityfocus.com	Patch
ViewVC Multiple Security Issues - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
#471380 - viewvc: Multiple security issues - Debian Bug report logs	CONFIRM	bugs.debian.org
viewvc: Subversion	CONFIRM	viewvc.tigris.org
ViewVC: Multiple vulnerabilities — Gentoo Linux Documentation	GENTOO	security.gentoo.org
Gentoo Bug 212288 - www-apps/viewvc < 1.0.5 Multiple issues (CVE-2008-{1290,1291,1292})	CONFIRM	bugs.gentoo.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.