CVE-2008-1475
NONE EPSS 75.0%
Published Mar 24, 200818y ago · Modified Jun 16, 20262w ago
Published Mar 24, 2008 18y ago
Last Modified Jun 16, 2026 2w ago
Description
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
Threat Intelligence
EPSS Exploit Probability
75.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-264
Affected Products 94
| Vendor | Product | Version | Range |
|---|---|---|---|
| roundup-tracker | roundup | * | ≤1.4.3 |
| roundup-tracker | roundup | 0.1.0 | any |
| roundup-tracker | roundup | 0.1.1 | any |
| roundup-tracker | roundup | 0.1.2 | any |
| roundup-tracker | roundup | 0.1.3 | any |
| roundup-tracker | roundup | 0.2.0 | any |
| roundup-tracker | roundup | 0.2.1 | any |
| roundup-tracker | roundup | 0.2.2 | any |
| roundup-tracker | roundup | 0.2.3 | any |
| roundup-tracker | roundup | 0.2.4 | any |
| roundup-tracker | roundup | 0.2.5 | any |
| roundup-tracker | roundup | 0.2.6 | any |
| roundup-tracker | roundup | 0.2.7 | any |
| roundup-tracker | roundup | 0.2.8 | any |
| roundup-tracker | roundup | 0.3.0 | any |
| roundup-tracker | roundup | 0.3.0 | any |
| roundup-tracker | roundup | 0.3.0 | any |
| roundup-tracker | roundup | 0.3.0 | any |
| roundup-tracker | roundup | 0.4.0 | any |
| roundup-tracker | roundup | 0.4.0 | any |
| roundup-tracker | roundup | 0.4.0 | any |
| roundup-tracker | roundup | 0.4.1 | any |
| roundup-tracker | roundup | 0.4.2 | any |
| roundup-tracker | roundup | 0.4.2 | any |
| roundup-tracker | roundup | 0.5 | any |
| roundup-tracker | roundup | 0.5.0 | any |
| roundup-tracker | roundup | 0.5.0 | any |
| roundup-tracker | roundup | 0.5.0 | any |
| roundup-tracker | roundup | 0.5.0 | any |
| roundup-tracker | roundup | 0.5.1 | any |
| roundup-tracker | roundup | 0.5.2 | any |
| roundup-tracker | roundup | 0.5.3 | any |
| roundup-tracker | roundup | 0.5.4 | any |
| roundup-tracker | roundup | 0.5.5 | any |
| roundup-tracker | roundup | 0.5.6 | any |
| roundup-tracker | roundup | 0.5.7 | any |
| roundup-tracker | roundup | 0.5.8 | any |
| roundup-tracker | roundup | 0.5.9 | any |
| roundup-tracker | roundup | 0.6.0 | any |
| roundup-tracker | roundup | 0.6.0 | any |
| roundup-tracker | roundup | 0.6.0 | any |
| roundup-tracker | roundup | 0.6.0 | any |
| roundup-tracker | roundup | 0.6.0 | any |
| roundup-tracker | roundup | 0.6.1 | any |
| roundup-tracker | roundup | 0.6.2 | any |
| roundup-tracker | roundup | 0.6.3 | any |
| roundup-tracker | roundup | 0.6.4 | any |
| roundup-tracker | roundup | 0.6.5 | any |
| roundup-tracker | roundup | 0.6.6 | any |
| roundup-tracker | roundup | 0.6.7 | any |
| roundup-tracker | roundup | 0.6.8 | any |
| roundup-tracker | roundup | 0.6.9 | any |
| roundup-tracker | roundup | 0.6.10 | any |
| roundup-tracker | roundup | 0.6.11 | any |
| roundup-tracker | roundup | 0.7.0 | any |
| roundup-tracker | roundup | 0.7.0 | any |
| roundup-tracker | roundup | 0.7.0 | any |
| roundup-tracker | roundup | 0.7.0 | any |
| roundup-tracker | roundup | 0.7.1 | any |
| roundup-tracker | roundup | 0.7.2 | any |
| roundup-tracker | roundup | 0.7.3 | any |
| roundup-tracker | roundup | 0.7.4 | any |
| roundup-tracker | roundup | 0.7.5 | any |
| roundup-tracker | roundup | 0.7.6 | any |
| roundup-tracker | roundup | 0.7.7 | any |
| roundup-tracker | roundup | 0.7.8 | any |
| roundup-tracker | roundup | 0.7.9 | any |
| roundup-tracker | roundup | 0.7.10 | any |
| roundup-tracker | roundup | 0.7.11 | any |
| roundup-tracker | roundup | 0.7.12 | any |
| roundup-tracker | roundup | 0.8.0 | any |
| roundup-tracker | roundup | 0.8.0 | any |
| roundup-tracker | roundup | 0.8.0 | any |
| roundup-tracker | roundup | 0.8.1 | any |
| roundup-tracker | roundup | 0.8.2 | any |
| roundup-tracker | roundup | 0.8.3 | any |
| roundup-tracker | roundup | 0.8.4 | any |
| roundup-tracker | roundup | 0.8.5 | any |
| roundup-tracker | roundup | 0.8.6 | any |
| roundup-tracker | roundup | 0.9.0 | any |
| roundup-tracker | roundup | 1.0 | any |
| roundup-tracker | roundup | 1.0.1 | any |
| roundup-tracker | roundup | 1.1.0 | any |
| roundup-tracker | roundup | 1.1.1 | any |
| roundup-tracker | roundup | 1.1.2 | any |
| roundup-tracker | roundup | 1.2.0 | any |
| roundup-tracker | roundup | 1.2.1 | any |
| roundup-tracker | roundup | 1.3.0 | any |
| roundup-tracker | roundup | 1.3.1 | any |
| roundup-tracker | roundup | 1.3.2 | any |
| roundup-tracker | roundup | 1.3.3 | any |
| roundup-tracker | roundup | 1.4.0 | any |
| roundup-tracker | roundup | 1.4.1 | any |
| roundup-tracker | roundup | 1.4.2 | any |
References 14
- secunia.com http://secunia.com/advisories/29336
- secunia.com http://secunia.com/advisories/29375
- secunia.com http://secunia.com/advisories/30274
- secunia.com http://secunia.com/advisories/32805
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200805-21.xml
- sourceforge.net http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
- securityfocus.com http://www.securityfocus.com/bid/28238
- vupen.com http://www.vupen.com/english/advisories/2008/0891
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=436546
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/41240
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.