Summary
The remote host seems to be running cvstrac,
a web-based bug and patch-set tracking system for CVS.
This version contains a flaw related to invalid tickets that may allow an attacker to cause the application to crash.
An attacker, exploiting this flaw, would be able to remotely shut down the cvstrac server.
***** OVS has determined the vulnerability exists on the target ***** simply by looking at the version number(s) of CVSTrac ***** installed there.
Solution
Update to version 1.1.4 or disable this CGI suite
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- Apache Struts2 showcase namespace XSS Vulnerability
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- Advanced Image Hosting Cross Site Scripting Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities