Summary
The remote host seems to be running CVSTrac, a web-based bug and patch-set tracking system for CVS.
This version contains a flaw in the parameter parser that may allow an attacker to craft a malformed URL that causes the application to hang. An attacker exploiting this flaw needs only network access to the CVSTrac server.
When sent a malformed link, the CVSTrac server goes into an infinite loop, rendering the service unavailable.
Note: OVS has determined the vulnerability exists on the target simply by looking at the version number(s) of CVSTrac installed there.
Solution
Update to version 1.1.4 or disable this CGI suite.
Severity
Classification
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- Apache Tomcat DOS Device Name XSS
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- Adobe JRun Management Console Multiple Vulnerabilities