CVE-2008-1290

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
24/03/2008
Last modified:
09/04/2025

Description

ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*
cpe:2.3:a:viewvc:viewvc:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:viewvc:viewvc:1.0.3:*:*:*:*:*:*:*