Vulnerability Name:

CVE-2008-1474 (CCN-41241)

Assigned:2008-03-07
Published:2008-03-07
Updated:2017-08-08
Summary:Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-noinfo
CWE-79
Vulnerability Consequences:Other
References:Source: MITRE
Type: CNA
CVE-2008-1474

Source: CCN
Type: SourceForge.net Repository - Log of /roundup/CHANGES.txt, Fri Mar 7 01:11:54 2008 UTC
View of /roundup/CHANGES.txt

Source: CONFIRM
Type: Patch, Vendor Advisory
http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939&view=markup

Source: CCN
Type: Roundup Web site
Roundup Issue Tracker

Source: CCN
Type: SA29336
Roundup Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
29336

Source: SECUNIA
Type: Vendor Advisory
29375

Source: SECUNIA
Type: Patch, Vendor Advisory
29848

Source: SECUNIA
Type: Vendor Advisory
30274

Source: GENTOO
Type: UNKNOWN
GLSA-200805-21

Source: DEBIAN
Type: UNKNOWN
DSA-1554

Source: DEBIAN
Type: DSA-1554
roundup -- insufficient input sanitising

Source: CCN
Type: GLSA-200805-21
Roundup: Permission bypass

Source: CCN
Type: OSVDB ID: 43107
Roundup Multiple Unspecified Issues

Source: BID
Type: Patch
28239

Source: CCN
Type: BID-28239
Roundup Unspecified Security Vulnerabilities

Source: VUPEN
Type: Vendor Advisory
ADV-2008-0891

Source: MISC
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=436546

Source: XF
Type: UNKNOWN
roundup-multiple-unspecified(41241)

Source: XF
Type: UNKNOWN
roundup-multiple-unspecified(41241)

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-2370

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-2471

Vulnerable Configuration:Configuration 1:
  • cpe:/a:roundup-tracker:roundup:0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.3.0:pre1:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.3.0:pre2:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.3.0:pre3:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.4.0:b1:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.4.0:b2:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.4.2:pr1:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.5:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.5.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.5.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.5.0:pr1:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.5.8:stable:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.0:b1:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.0:b2:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.0:b3:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.0:b4:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.7:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.8:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.9:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.10:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.6.11:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.0:b1:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.0:b2:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.0:b3:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.9:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.10:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.11:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.7.12:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.8.0:b1:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.8.0:b2:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.8.3:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.8.4:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.8.5:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.8.6:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:0.9.0:b1:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:roundup-tracker:roundup:*:*:*:*:*:*:*:* (Version <= 1.4.3)

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:8016
    P
    		DSA-1554 roundup -- insufficient input sanitising
    2014-06-23
    oval:org.mitre.oval:def:20175
    P
    		DSA-1554-1 roundup - cross-site scripting vulnerability
    2014-06-23
    oval:org.debian:def:1554
    V
    		insufficient input sanitising
    2008-04-22
    BACK
    roundup-tracker roundup 0.1.0
    roundup-tracker roundup 0.1.1
    roundup-tracker roundup 0.1.2
    roundup-tracker roundup 0.1.3
    roundup-tracker roundup 0.2.0
    roundup-tracker roundup 0.2.1
    roundup-tracker roundup 0.2.2
    roundup-tracker roundup 0.2.3
    roundup-tracker roundup 0.2.4
    roundup-tracker roundup 0.2.5
    roundup-tracker roundup 0.2.6
    roundup-tracker roundup 0.2.7
    roundup-tracker roundup 0.2.8
    roundup-tracker roundup 0.3.0
    roundup-tracker roundup 0.3.0 pre1
    roundup-tracker roundup 0.3.0 pre2
    roundup-tracker roundup 0.3.0 pre3
    roundup-tracker roundup 0.4.0
    roundup-tracker roundup 0.4.0 b1
    roundup-tracker roundup 0.4.0 b2
    roundup-tracker roundup 0.4.1
    roundup-tracker roundup 0.4.2
    roundup-tracker roundup 0.4.2 pr1
    roundup-tracker roundup 0.5
    roundup-tracker roundup 0.5.0
    roundup-tracker roundup 0.5.0 beta1
    roundup-tracker roundup 0.5.0 beta2
    roundup-tracker roundup 0.5.0 pr1
    roundup-tracker roundup 0.5.1
    roundup-tracker roundup 0.5.2
    roundup-tracker roundup 0.5.3
    roundup-tracker roundup 0.5.4
    roundup-tracker roundup 0.5.5
    roundup-tracker roundup 0.5.6
    roundup-tracker roundup 0.5.7
    roundup-tracker roundup 0.5.8 stable
    roundup-tracker roundup 0.5.9
    roundup-tracker roundup 0.6.0
    roundup-tracker roundup 0.6.0 b1
    roundup-tracker roundup 0.6.0 b2
    roundup-tracker roundup 0.6.0 b3
    roundup-tracker roundup 0.6.0 b4
    roundup-tracker roundup 0.6.1
    roundup-tracker roundup 0.6.2
    roundup-tracker roundup 0.6.3
    roundup-tracker roundup 0.6.4
    roundup-tracker roundup 0.6.5
    roundup-tracker roundup 0.6.6
    roundup-tracker roundup 0.6.7
    roundup-tracker roundup 0.6.8
    roundup-tracker roundup 0.6.9
    roundup-tracker roundup 0.6.10
    roundup-tracker roundup 0.6.11
    roundup-tracker roundup 0.7.0
    roundup-tracker roundup 0.7.0 b1
    roundup-tracker roundup 0.7.0 b2
    roundup-tracker roundup 0.7.0 b3
    roundup-tracker roundup 0.7.1
    roundup-tracker roundup 0.7.2
    roundup-tracker roundup 0.7.3
    roundup-tracker roundup 0.7.4
    roundup-tracker roundup 0.7.5
    roundup-tracker roundup 0.7.6
    roundup-tracker roundup 0.7.7
    roundup-tracker roundup 0.7.8
    roundup-tracker roundup 0.7.9
    roundup-tracker roundup 0.7.10
    roundup-tracker roundup 0.7.11
    roundup-tracker roundup 0.7.12
    roundup-tracker roundup 0.8.0
    roundup-tracker roundup 0.8.0 b1
    roundup-tracker roundup 0.8.0 b2
    roundup-tracker roundup 0.8.1
    roundup-tracker roundup 0.8.2
    roundup-tracker roundup 0.8.3
    roundup-tracker roundup 0.8.4
    roundup-tracker roundup 0.8.5
    roundup-tracker roundup 0.8.6
    roundup-tracker roundup 0.9.0 b1
    roundup-tracker roundup 1.0
    roundup-tracker roundup 1.0.1
    roundup-tracker roundup 1.1.0
    roundup-tracker roundup 1.1.1
    roundup-tracker roundup 1.1.2
    roundup-tracker roundup 1.2.0
    roundup-tracker roundup 1.2.1
    roundup-tracker roundup 1.3.0
    roundup-tracker roundup 1.3.1
    roundup-tracker roundup 1.3.2
    roundup-tracker roundup 1.3.3
    roundup-tracker roundup 1.4.0
    roundup-tracker roundup 1.4.1
    roundup-tracker roundup 1.4.2
    roundup-tracker roundup *