Summary
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS.
This version contains a flaw related to the parameter parser that may allow an attacker to create a malformed URL, which causes the application to hang. An attacker, exploiting this flaw, would only need network access to the cvstrac server.
Upon receiving a malformed link, the cvstrac server would go into an infinite loop, rendering the service unavailable.
OVS has determined the vulnerability exists on the target simply by looking at the version number(s) of CVSTrac installed there.
Solution
Update to version 1.1.4 or disable this CGI suite.
Severity
Classification
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apache Tomcat DOS Device Name XSS
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- Apache Tomcat NIO Connector Denial of Service Vulnerability