CVE-2008-1291
Published: 24 March 2008
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
Priority
Status
Package | Release | Status |
---|---|---|
viewcvs Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Released
(1.0.5)
|
|
viewvc Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Not vulnerable
(1.0.5-0.1)
|
|
jaunty |
Not vulnerable
(1.0.5-0.2)
|
|
karmic |
Not vulnerable
(1.0.5-0.2)
|
|
lucid |
Not vulnerable
(1.0.9-1)
|
|
maverick |
Not vulnerable
(1.0.9-1)
|
|
natty |
Not vulnerable
(1.0.9-1)
|
|
oneiric |
Not vulnerable
(1.0.9-1)
|
|
upstream |
Not vulnerable
(1.0.5)
|