mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
129 lines
4.0 KiB
JSON
129 lines
4.0 KiB
JSON
{
|
|
"id": "CVE-2008-1292",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2008-03-24T17:44:00.000",
|
|
"lastModified": "2009-08-20T05:14:20.337",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "ViewVC before 1.0.5 proporciona revisi\u00f3n de metadatos sin comprobar correctamente si el acceso fue intencionado, lo que permite a atacantes remotos obtener informaci\u00f3n sensible leyendo (1) rutas prohibidas en la vista de revisi\u00f3n, (2)el historial del log que s\u00f3lo se puede alcanzar saltando un objeto prohibido, o (3)par\u00e1metros de ruta de vista diff prohibidos."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-200"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:viewvc:viewvc:1.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "793F6DB3-A6C2-4813-BD2D-AF34D85F6CCA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:viewvc:viewvc:1.0.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1B6F2BC5-D099-427C-9513-75551ABF1997"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://bugs.gentoo.org/show_bug.cgi?id=212288",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://security.gentoo.org/glsa/glsa-200803-29.xml",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/28055",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2008/0734/references",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |