Summary
The remote host seems to be running cvstrac,
a web-based bug and patch-set tracking system for CVS.
This version contains a flaw related to invalid tickets that may allow an attacker to cause the application to crash.
An attacker, exploiting this flaw, would be able to remotely shut down the cvstrac server.
***** OVS has determined the vulnerability exists on the target ***** simply by looking at the version number(s) of CVSTrac ***** installed there.
Solution
Update to version 1.1.4 or disable this CGI suite
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- @Mail 'admin.php' Cross-Site Scripting Vulnerabilities
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- @Mail 'MailType' Parameter Cross Site Scripting Vulnerability
- Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability