CVS history.c File Existence Information Disclosure

medium Nessus Plugin ID 14313

Synopsis

The remote CVS server is affected by an information disclosure vulnerability.

Description

The remote CVS server, according to its version number, can be exploited by malicious users to gain knowledge of certain system information.

This behavior can be exploited to determine the existence and permissions of arbitrary files and directories on a vulnerable system.

Solution

Upgrade to CVS 1.11.17 and 1.12.9, or newer.

See Also

http://www.nessus.org/u?7a576d49

http://www.nessus.org/u?66a25c2a

Plugin Details

Severity: Medium

ID: 14313

File Name: cvs_file_existence_info_weak.nasl

Version: 1.16

Type: remote

Family: Misc.

Published: 8/20/2004

Updated: 7/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/16/2004

Reference Information

CVE: CVE-2004-0778

BID: 10955