CVE-2008-1291

ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*
OR cpe:2.3:a:viewvc:viewvc:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:viewvc:viewvc:1.0.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-03-24 17:44

Updated : 2024-02-04 17:33


NVD link : CVE-2008-1291

Mitre link : CVE-2008-1291

CVE.ORG link : CVE-2008-1291


JSON object : View

Products Affected

gentoo

  • linux

viewvc

  • viewvc

redhat

  • fedora
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor