PT-2004-1090 · Cvs · Cvs
Derek Price
·
Publicado
2004-04-14
·
Atualizado
2017-10-11
·
CVE-2004-0405
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
CVS versions prior to 1.11.14
Description
The issue allows attackers to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests. This can lead to a breach of confidentiality of protected information. Exploitation of the issue can be done remotely.
Recommendations
For versions prior to 1.11.14, update to version 1.11.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the CVS client requests to minimize the risk of exploitation.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Cvs