CVSweb 1.80 cvsweb.cgi Arbitrary Command Execution

Severity: High (Nessus Plugin ID 10465)

Synopsis

The web application running on the remote host has a command execution vulnerability.

Description

The version of CVSweb on the remote host is 1.85 or earlier (<= 1.85). Such versions allow a remote attacker to execute arbitrary commands in the context of the web server.

This version of CVSweb is no longer maintained. Please consider switching to the latest version of FreeBSD CVSweb.

Solution

Switch to the latest version of CVSweb.

See Also

http://www.nessus.org/u?8973f893

https://www.freebsd.org/projects/cvsweb.html

Plugin Details

Severity: High

ID: 10465

File Name: cvsweb_shell.nasl

Version: 1.26

Type: remote

Family: CGI abuses

Published: 7/15/2000

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/14/2000

Reference Information

CVE: CVE-2000-0670

BID: 1469