Summary
CVSWeb is used by hosts to share programming source code. Some web sites are misconfigured and allow access to their sensitive source code without any password protection. This plugin tries to detect the presence of a CVSWeb CGI and when it finds it, it tries to obtain its version.
Solution
Password protect the CGI if unauthorized access isn't wanted
Severity
Classification
-
CVSS Base Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- Apache Struts2 showcase namespace XSS Vulnerability
- Apache Archiva Cross Site Request Forgery Vulnerability
- @Mail WebMail Email Body HTML Injection Vulnerability
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability