CVE-2008-4325

Severity

57%

Complexity

86%

Confidentiality

81%

lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE: this issue might not be a vulnerability, since it requires attacker access to the repository that is being viewed.

lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE: this issue might not be a vulnerability, since it requires attacker access to the repository that is being viewed.

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P).

Overview

First reported 16 years ago

2008-09-30 16:13:00

Last updated 14 years ago

2010-08-30 04:00:00

Affected Software

ViewVC 1.0.5

1.0.5

References

http://viewvc.tigris.org/issues/show_bug.cgi?id=354

Patch

http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?rev=2011&r1=1968&r2=1978

http://viewvc.tigris.org/source/browse/viewvc?rev=1978&view=rev

[oss-security] 20080919 viewvc security flaw?

[oss-security] 20080920 Re: viewvc security flaw?

FEDORA-2008-8252

FEDORA-2008-8270

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.