CVE-2008-5916Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-5916 | First vendor Publication | 2009-01-20 |
| Vendor | Cve | Last vendor Modification | 2009-08-19 |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.6 | Attack Range | Local |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentification | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Security Protection
| Impacts | Provides unauthorized access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service. |
Detail
gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5916 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 50918 | GIT gitweb/gitweb.perl diff.external Configuration Variable Crafted Query Loc... |
Internal Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2013-05-11 00:34:12 |
|
(High)
