Summary
The remote host seems to be running cvstrac,
a web-based bug and patch-set tracking system for CVS.
This version contains a flaw related to the chdir() function that may allow an attacker to escape the chroot jail. An attacker, exploiting this flaw, would be able to access files outside of the web root.
***** OVS has determined the vulnerability exists on the target ***** simply by looking at the version number(s) of CVSTrac ***** installed there.
Solution
Update to version 1.1.4 or disable this CGI suite
Severity
Classification
-
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:C/I:N/A:N
Related Vulnerabilities
- AVTECH DVR Multiple Vulnerabilities
- Admin Bot 'news.php' SQL Injection Vulnerability
- ApPHP MicroBlog Remote Code Execution Vulnerability
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities