Detections
Analytics

CVSTrac Invalid Ticket DoS

medium Nessus Plugin ID 14287

Language:

Synopsis

The remote web server is hosting a CGI application that is affected by a denial of service vulnerability.

Description

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS.

This version contains a flaw related to invalid tickets that may allow an attacker to cause the application to crash. An attacker, exploiting this flaw, would be able to remotely shut down the cvstrac server.

***** Nessus has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of CVSTrac
***** installed there.

Solution

Update to version 1.1.4 or later as this reportedly fixes the issue.

See Also

http://www.cvstrac.org/cvstrac/chngview?cn=193

http://www.cvstrac.org/cvstrac/tktview?tn=116

Plugin Details

Severity: Medium

ID: 14287

File Name: cvstrac_invalid_ticket_dos.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 8/17/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Vulnerability Publication Date: 8/28/2002