Summary
CVSWeb is used by hosts to share programming source code. Some web sites are misconfigured and allow access to their sensitive source code without any password protection. This plugin tries to detect the presence of a CVSWeb CGI and when it finds it, it tries to obtain its version.
Solution
Password protect the CGI if unauthorized access isn't wanted
Severity
Classification
-
CVSS Base Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
- Apache Archiva Cross Site Request Forgery Vulnerability
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- Apache Rave User Information Disclosure Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability