Back to search
CVE-2008-4325
Published: Sep 30, 2008
Modified: Sep 17, 2024
PUBLISHED
Description
lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE: this issue might not be a vulnerability, since it requires attacker access to the repository that is being viewed.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://viewvc.tigris.org/source/browse/viewvc?rev=1978&view=rev
x_refsource_CONFIRM
[oss-security] 20080919 viewvc security flaw?
mailing-list
x_refsource_MLIST
http://viewvc.tigris.org/issues/show_bug.cgi?id=354
x_refsource_CONFIRM
[oss-security] 20080920 Re: viewvc security flaw?
mailing-list
x_refsource_MLIST
FEDORA-2008-8270
vendor-advisory
x_refsource_FEDORA
FEDORA-2008-8252
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now