CVE-2008-1475

medium

Description

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.

References

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/41240

https://bugzilla.redhat.com/show_bug.cgi?id=436546

http://www.vupen.com/english/advisories/2008/0891

http://www.securityfocus.com/bid/28238

http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788

http://security.gentoo.org/glsa/glsa-200805-21.xml

http://secunia.com/advisories/32805

http://secunia.com/advisories/30274

http://secunia.com/advisories/29375

http://secunia.com/advisories/29336

Details

Source: Mitre, NVD

Published: 2008-03-24

Updated: 2017-08-08

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N