First published: Mon Mar 24 2008(Updated: )
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Gentoo Linux | ||
Fedora | =7 | |
Fedora | =8 | |
ViewVC | =1.0.2 | |
ViewVC | =1.0.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2008-1290 has a medium severity rating as it allows remote attackers to obtain sensitive information.
To fix CVE-2008-1290, upgrade ViewVC to a version later than 1.0.5.
Vulnerable versions of ViewVC include 1.0.2 and 1.0.3.
Yes, CVE-2008-1290 can be exploited remotely to access sensitive information.
CVE-2008-1290 specifically impacts ViewVC versions 1.0.2 and 1.0.3.