CVE-2008-1291 Information

Feb 14, 2021 cve

Description

ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control which allows remote attackers to read files and list folders under the hidden CVSROOT folder.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380 http://bugs.gentoo.org/show_bug.cgi?id=212288 http://secunia.com/advisories/29176 http://secunia.com/advisories/29460 http://security.gentoo.org/glsa/glsa-200803-29.xml http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD http://www.securityfocus.com/bid/28055 http://www.vupen.com/english/advisories/2008/0734/references

Share on: