CVE-2008-1475

NONE EPSS 75.0%
Published Mar 24, 200818y ago · Modified Jun 16, 20262w ago
Find Similar
Published Mar 24, 2008 18y ago
Last Modified Jun 16, 2026 2w ago

Description

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.

Threat Intelligence

EPSS Exploit Probability
75.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-264

Affected Products 94

VendorProductVersionRange
roundup-trackerroundup* ≤1.4.3
roundup-trackerroundup0.1.0any
roundup-trackerroundup0.1.1any
roundup-trackerroundup0.1.2any
roundup-trackerroundup0.1.3any
roundup-trackerroundup0.2.0any
roundup-trackerroundup0.2.1any
roundup-trackerroundup0.2.2any
roundup-trackerroundup0.2.3any
roundup-trackerroundup0.2.4any
roundup-trackerroundup0.2.5any
roundup-trackerroundup0.2.6any
roundup-trackerroundup0.2.7any
roundup-trackerroundup0.2.8any
roundup-trackerroundup0.3.0any
roundup-trackerroundup0.3.0any
roundup-trackerroundup0.3.0any
roundup-trackerroundup0.3.0any
roundup-trackerroundup0.4.0any
roundup-trackerroundup0.4.0any
roundup-trackerroundup0.4.0any
roundup-trackerroundup0.4.1any
roundup-trackerroundup0.4.2any
roundup-trackerroundup0.4.2any
roundup-trackerroundup0.5any
roundup-trackerroundup0.5.0any
roundup-trackerroundup0.5.0any
roundup-trackerroundup0.5.0any
roundup-trackerroundup0.5.0any
roundup-trackerroundup0.5.1any
roundup-trackerroundup0.5.2any
roundup-trackerroundup0.5.3any
roundup-trackerroundup0.5.4any
roundup-trackerroundup0.5.5any
roundup-trackerroundup0.5.6any
roundup-trackerroundup0.5.7any
roundup-trackerroundup0.5.8any
roundup-trackerroundup0.5.9any
roundup-trackerroundup0.6.0any
roundup-trackerroundup0.6.0any
roundup-trackerroundup0.6.0any
roundup-trackerroundup0.6.0any
roundup-trackerroundup0.6.0any
roundup-trackerroundup0.6.1any
roundup-trackerroundup0.6.2any
roundup-trackerroundup0.6.3any
roundup-trackerroundup0.6.4any
roundup-trackerroundup0.6.5any
roundup-trackerroundup0.6.6any
roundup-trackerroundup0.6.7any
roundup-trackerroundup0.6.8any
roundup-trackerroundup0.6.9any
roundup-trackerroundup0.6.10any
roundup-trackerroundup0.6.11any
roundup-trackerroundup0.7.0any
roundup-trackerroundup0.7.0any
roundup-trackerroundup0.7.0any
roundup-trackerroundup0.7.0any
roundup-trackerroundup0.7.1any
roundup-trackerroundup0.7.2any
roundup-trackerroundup0.7.3any
roundup-trackerroundup0.7.4any
roundup-trackerroundup0.7.5any
roundup-trackerroundup0.7.6any
roundup-trackerroundup0.7.7any
roundup-trackerroundup0.7.8any
roundup-trackerroundup0.7.9any
roundup-trackerroundup0.7.10any
roundup-trackerroundup0.7.11any
roundup-trackerroundup0.7.12any
roundup-trackerroundup0.8.0any
roundup-trackerroundup0.8.0any
roundup-trackerroundup0.8.0any
roundup-trackerroundup0.8.1any
roundup-trackerroundup0.8.2any
roundup-trackerroundup0.8.3any
roundup-trackerroundup0.8.4any
roundup-trackerroundup0.8.5any
roundup-trackerroundup0.8.6any
roundup-trackerroundup0.9.0any
roundup-trackerroundup1.0any
roundup-trackerroundup1.0.1any
roundup-trackerroundup1.1.0any
roundup-trackerroundup1.1.1any
roundup-trackerroundup1.1.2any
roundup-trackerroundup1.2.0any
roundup-trackerroundup1.2.1any
roundup-trackerroundup1.3.0any
roundup-trackerroundup1.3.1any
roundup-trackerroundup1.3.2any
roundup-trackerroundup1.3.3any
roundup-trackerroundup1.4.0any
roundup-trackerroundup1.4.1any
roundup-trackerroundup1.4.2any

References 14

  • secunia.com http://secunia.com/advisories/29336
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/29375
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/30274
  • secunia.com http://secunia.com/advisories/32805
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200805-21.xml
  • sourceforge.net http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
  • securityfocus.com http://www.securityfocus.com/bid/28238
  • vupen.com http://www.vupen.com/english/advisories/2008/0891
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=436546
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/41240
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.