CVE-2008-1475

Опубликовано: 24 мар. 2008

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*

Версия до 1.4.3 (включая)

cpe:2.3:a:roundup-tracker:roundup:0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.1.1:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.1.3:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.2.1:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.2.2:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.2.3:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.2.4:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.2.5:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.2.6:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.2.7:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.2.8:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.3.0:pre1:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.3.0:pre2:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.3.0:pre3:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.4.0:b1:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.4.0:b2:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.4.1:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.4.2:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.4.2:pr1:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.5:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.5.0:beta1:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.5.0:beta2:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.5.0:pr1:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.5.1:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.5.2:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.5.3:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.5.4:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.5.5:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.5.6:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.5.7:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.5.8:stable:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.5.9:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.0:b1:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.0:b2:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.0:b3:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.0:b4:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.2:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.3:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.4:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.5:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.6:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.7:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.8:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.9:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.10:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.6.11:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.0:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.0:b1:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.0:b2:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.0:b3:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.2:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.4:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.5:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.6:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.7:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.8:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.9:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.10:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.11:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.7.12:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.8.0:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.8.0:b1:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.8.0:b2:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.8.1:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.8.2:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.8.3:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.8.4:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.8.5:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.8.6:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:0.9.0:b1:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:1.0:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:roundup-tracker:roundup:1.4.2:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.0047

Низкий

6.4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2008-1475

ubuntu

больше 17 лет назад

CVE-2008-1475

debian

больше 17 лет назад

The xml-rpc server in Roundup 1.4.4 does not check property permission ...

GHSA-j59j-h3g7-cpmf

CVSS3: 9.1

github

больше 3 лет назад

Roundup xml-rpc server improper check of property permissions

EPSS

Процентиль: 64%

0.0047

Низкий

6.4 Medium

CVSS2

Дефекты

CWE-264