Summary
The remote CVS server, according to its version number, can be exploited by malicious users to gain knowledge of certain system information.
This behaviour can be exploited to determine the existence and permissions of arbitrary files and directories on a vulnerable system.
Solution
Upgrade to CVS 1.11.17 and 1.12.9, or newer
Severity
Classification
-
CVE CVE-2004-0778 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apple Safari 'SRC' Remote Denial Of Service Vulnerability
- Apple Remote Desktop Information Disclosure Vulnerability
- Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Win)
- Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)
- Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Win)