Lucene search
MitreCVE-2008-1475HistoryMar 24, 2008 - 10:44 p.m.
CVE-2008-1475
2008-03-2422:44:00
CWE-264
mitre
web.nvd.nist.gov
28
xml-rpc
roundup 1.4.4
property permissions
security vulnerability
cve-2008-1475
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.1
Confidence
Low
EPSS
0.01
Percentile
83.8%
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
Affected configurations
Node
roundup-trackerroundupRange≤1.4.3
ORroundup-trackerroundupMatch0.1.0
ORroundup-trackerroundupMatch0.1.1
ORroundup-trackerroundupMatch0.1.2
ORroundup-trackerroundupMatch0.1.3
ORroundup-trackerroundupMatch0.2.0
ORroundup-trackerroundupMatch0.2.1
ORroundup-trackerroundupMatch0.2.2
ORroundup-trackerroundupMatch0.2.3
ORroundup-trackerroundupMatch0.2.4
ORroundup-trackerroundupMatch0.2.5
ORroundup-trackerroundupMatch0.2.6
ORroundup-trackerroundupMatch0.2.7
ORroundup-trackerroundupMatch0.2.8
ORroundup-trackerroundupMatch0.3.0
ORroundup-trackerroundupMatch0.3.0pre1
ORroundup-trackerroundupMatch0.3.0pre2
ORroundup-trackerroundupMatch0.3.0pre3
ORroundup-trackerroundupMatch0.4.0
ORroundup-trackerroundupMatch0.4.0b1
ORroundup-trackerroundupMatch0.4.0b2
ORroundup-trackerroundupMatch0.4.1
ORroundup-trackerroundupMatch0.4.2
ORroundup-trackerroundupMatch0.4.2pr1
ORroundup-trackerroundupMatch0.5
ORroundup-trackerroundupMatch0.5.0
ORroundup-trackerroundupMatch0.5.0beta1
ORroundup-trackerroundupMatch0.5.0beta2
ORroundup-trackerroundupMatch0.5.0pr1
ORroundup-trackerroundupMatch0.5.1
ORroundup-trackerroundupMatch0.5.2
ORroundup-trackerroundupMatch0.5.3
ORroundup-trackerroundupMatch0.5.4
ORroundup-trackerroundupMatch0.5.5
ORroundup-trackerroundupMatch0.5.6
ORroundup-trackerroundupMatch0.5.7
ORroundup-trackerroundupMatch0.5.8stable
ORroundup-trackerroundupMatch0.5.9
ORroundup-trackerroundupMatch0.6.0
ORroundup-trackerroundupMatch0.6.0b1
ORroundup-trackerroundupMatch0.6.0b2
ORroundup-trackerroundupMatch0.6.0b3
ORroundup-trackerroundupMatch0.6.0b4
ORroundup-trackerroundupMatch0.6.1
ORroundup-trackerroundupMatch0.6.2
ORroundup-trackerroundupMatch0.6.3
ORroundup-trackerroundupMatch0.6.4
ORroundup-trackerroundupMatch0.6.5
ORroundup-trackerroundupMatch0.6.6
ORroundup-trackerroundupMatch0.6.7
ORroundup-trackerroundupMatch0.6.8
ORroundup-trackerroundupMatch0.6.9
ORroundup-trackerroundupMatch0.6.10
ORroundup-trackerroundupMatch0.6.11
ORroundup-trackerroundupMatch0.7.0
ORroundup-trackerroundupMatch0.7.0b1
ORroundup-trackerroundupMatch0.7.0b2
ORroundup-trackerroundupMatch0.7.0b3
ORroundup-trackerroundupMatch0.7.1
ORroundup-trackerroundupMatch0.7.2
ORroundup-trackerroundupMatch0.7.3
ORroundup-trackerroundupMatch0.7.4
ORroundup-trackerroundupMatch0.7.5
ORroundup-trackerroundupMatch0.7.6
ORroundup-trackerroundupMatch0.7.7
ORroundup-trackerroundupMatch0.7.8
ORroundup-trackerroundupMatch0.7.9
ORroundup-trackerroundupMatch0.7.10
ORroundup-trackerroundupMatch0.7.11
ORroundup-trackerroundupMatch0.7.12
ORroundup-trackerroundupMatch0.8.0
ORroundup-trackerroundupMatch0.8.0b1
ORroundup-trackerroundupMatch0.8.0b2
ORroundup-trackerroundupMatch0.8.1
ORroundup-trackerroundupMatch0.8.2
ORroundup-trackerroundupMatch0.8.3
ORroundup-trackerroundupMatch0.8.4
ORroundup-trackerroundupMatch0.8.5
ORroundup-trackerroundupMatch0.8.6
ORroundup-trackerroundupMatch0.9.0b1
ORroundup-trackerroundupMatch1.0
ORroundup-trackerroundupMatch1.0.1
ORroundup-trackerroundupMatch1.1.0
ORroundup-trackerroundupMatch1.1.1
ORroundup-trackerroundupMatch1.1.2
ORroundup-trackerroundupMatch1.2.0
ORroundup-trackerroundupMatch1.2.1
ORroundup-trackerroundupMatch1.3.0
ORroundup-trackerroundupMatch1.3.1
ORroundup-trackerroundupMatch1.3.2
ORroundup-trackerroundupMatch1.3.3
ORroundup-trackerroundupMatch1.4.0
ORroundup-trackerroundupMatch1.4.1
ORroundup-trackerroundupMatch1.4.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| roundup-tracker | roundup | * | cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:* |
| roundup-tracker | roundup | 0.1.0 | cpe:2.3:a:roundup-tracker:roundup:0.1.0:*:*:*:*:*:*:* |
| roundup-tracker | roundup | 0.1.1 | cpe:2.3:a:roundup-tracker:roundup:0.1.1:*:*:*:*:*:*:* |
| roundup-tracker | roundup | 0.1.2 | cpe:2.3:a:roundup-tracker:roundup:0.1.2:*:*:*:*:*:*:* |
| roundup-tracker | roundup | 0.1.3 | cpe:2.3:a:roundup-tracker:roundup:0.1.3:*:*:*:*:*:*:* |
| roundup-tracker | roundup | 0.2.0 | cpe:2.3:a:roundup-tracker:roundup:0.2.0:*:*:*:*:*:*:* |
| roundup-tracker | roundup | 0.2.1 | cpe:2.3:a:roundup-tracker:roundup:0.2.1:*:*:*:*:*:*:* |
| roundup-tracker | roundup | 0.2.2 | cpe:2.3:a:roundup-tracker:roundup:0.2.2:*:*:*:*:*:*:* |
| roundup-tracker | roundup | 0.2.3 | cpe:2.3:a:roundup-tracker:roundup:0.2.3:*:*:*:*:*:*:* |
| roundup-tracker | roundup | 0.2.4 | cpe:2.3:a:roundup-tracker:roundup:0.2.4:*:*:*:*:*:*:* |
References
secunia.com/advisories/29336
secunia.com/advisories/29375
secunia.com/advisories/30274
secunia.com/advisories/32805
security.gentoo.org/glsa/glsa-200805-21.xml
sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
www.securityfocus.com/bid/28238
www.vupen.com/english/advisories/2008/0891
bugzilla.redhat.com/show_bug.cgi?id=436546
exchange.xforce.ibmcloud.com/vulnerabilities/41240
www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html
www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html
Related
nessus
nessus
Fedora 8 : roundup-1.4.6-1.fc8 (2008-9712)
2008-11-21 00:00:00
Fedora 9 : roundup-1.4.6-1.fc9 (2008-9734)
2008-11-21 00:00:00
GLSA-200805-21 : Roundup: Permission bypass
2008-05-28 00:00:00
osv
osv
PYSEC-2008-10
2008-03-24 22:44:00
Roundup xml-rpc server improper check of property permissions
2022-05-01 23:40:33
github
github
Roundup xml-rpc server improper check of property permissions
2022-05-01 23:40:33
fedora
fedora
[SECURITY] Fedora 8 Update: roundup-1.4.6-1.fc8
2008-11-19 14:48:40
[SECURITY] Fedora 9 Update: roundup-1.4.6-1.fc9
2008-11-19 14:51:49
cvelist
cvelist
CVE-2008-1475
2008-03-24 22:00:00
redhatcve
redhatcve
CVE-2008-1475
2019-10-04 22:02:05
openvas
openvas
Fedora Update for roundup FEDORA-2008-9734
2009-02-17 00:00:00
Fedora Update for roundup FEDORA-2008-9712
2009-02-17 00:00:00
Fedora Update for roundup FEDORA-2008-9734
2009-02-17 00:00:00
prion
prion
Design/Logic Flaw
2008-03-24 22:44:00
ubuntucve
ubuntucve
CVE-2008-1475
2008-03-24 00:00:00
nvd
nvd
CVE-2008-1475
2008-03-24 22:44:00
veracode
veracode
Authorization Bypass
2024-04-30 11:35:35
gentoo
gentoo
Roundup: Permission bypass
2008-05-27 00:00:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.1
Confidence
Low
EPSS
0.01
Percentile
83.8%
Related for CVE-2008-1475