CVE-2008-1292

NameCVE-2008-1292
DescriptionViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs471380

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
viewvc (PTS)jessie, jessie (lts)1.1.22-1+deb8u1fixed
stretch (lts), stretch1.1.26-1+deb9u1fixed
buster (security), buster, buster (lts)1.1.26-1+deb10u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
viewvcsource(unstable)1.0.5-0.1471380

Search for package or bug name: Reporting problems