Summary
The remote host seems to be running cvstrac,
a web-based bug and patch-set tracking system for CVS.
This version contains a flaw related to the chdir() function that may allow an attacker to escape the chroot jail. An attacker, exploiting this flaw, would be able to access files outside of the web root.
***** OVS has determined the vulnerability exists on the target ***** simply by looking at the version number(s) of CVSTrac ***** installed there.
Solution
Update to version 1.1.4 or disable this CGI suite
Severity
Classification
-
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:C/I:N/A:N
Related Vulnerabilities
- Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
- Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
- ASP Inline Corporate Calendar SQL injection
- Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability