CVE-2008-1475

Sažetak

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.

Reference

http://secunia.com/advisories/29336
http://secunia.com/advisories/29375
http://secunia.com/advisories/30274
http://secunia.com/advisories/32805
http://security.gentoo.org/glsa/glsa-200805-21.xml
http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
http://www.securityfocus.com/bid/28238
http://www.vupen.com/english/advisories/2008/0891
https://bugzilla.redhat.com/show_bug.cgi?id=436546
https://exchange.xforce.ibmcloud.com/vulnerabilities/41240
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

08-08-2017 - 01:30

Objavljeno

24-03-2008 - 22:44