Lucene search

MitreCVE-2008-4325

HistorySep 30, 2008 - 4:13 p.m.

CVE-2008-4325

2008-09-3016:13:50

mitre

web.nvd.nist.gov

cve

2008

4325

viewvc

lib/viewvc.py

http

vulnerability

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.016

Percentile

87.8%

JSON

lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE: this issue might not be a vulnerability, since it requires attacker access to the repository that is being viewed.

Affected configurations

Nvd

Node

viewvcviewvcMatch1.0.5

VendorProductVersionCPE
viewvcviewvc1.0.5cpe:2.3:a:viewvc:viewvc:1.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
viewvc	viewvc	1.0.5	cpe:2.3:a:viewvc:viewvc:1.0.5:::::::*

References

viewvc.tigris.org/issues/show_bug.cgi?id=354

viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?rev=2011&r1=1968&r2=1978

viewvc.tigris.org/source/browse/viewvc?rev=1978&view=rev

www.openwall.com/lists/oss-security/2008/09/19/4

www.openwall.com/lists/oss-security/2008/09/20/1

www.redhat.com/archives/fedora-package-announce/2008-September/msg01101.html

www.redhat.com/archives/fedora-package-announce/2008-September/msg01142.html

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.016

Percentile

87.8%

JSON

Related for CVE-2008-4325