CVS (Web-Based) Entries File Information Disclosure

medium Nessus Plugin ID 10922

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The remote web server allows access to a 'CVS/Entries' file and thereby exposes file names in the associated repository.

Solution

Configure permissions for the affected web server to deny access to the reported file as well other related ones, such as 'CVS/Repository' and 'CVS/Root'.

Plugin Details

Severity: Medium

ID: 10922

File Name: cvs_in_www.nasl

Version: 1.24

Type: remote

Family: CGI abuses

Published: 3/27/2002

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Detections

Analytics