CVSTrac Filediff Vulnerability Network Vulnerability

Summary

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version of filediff has a flaw in the input sanitation which, when exploited, can lead to a remote attacker executing arbitrary commands on the system. ***** OVS has determined the vulnerability exists on the target ***** simply by looking at the version number(s) of CVSTrac ***** installed there.

Solution

Update to version 1.1.4 or disable this CGI suite

Severity

Classification

CVE CVE-2004-1456
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

A-Blog 'sources/search.php' SQL Injection Vulnerability
AdaptBB Multiple Input Validation Vulnerabilities
Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities
Admin News Tools Multiple Vulnerabilities
AdMentor Login Flaw

CVSTrac filediff vulnerability

Take action and discover your vulnerabilities