CVE-2008-4325

Name of the Vulnerable Software and Affected Versions: ViewVC version 1.0.5

Description: The issue in ViewVC allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. This is achieved by using the content-type parameter in the HTTP request for the Content-Type header in the HTTP response. It is noted that this issue might not be a vulnerability, as it requires attacker access to the repository that is being viewed.

Recommendations: For ViewVC version 1.0.5, consider restricting access to the repository to minimize the risk of exploitation. As a temporary workaround, avoid using inconsistent content-type parameters in HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.