PT-2004-1090 · Cvs · Cvs

Derek Price

Published

2004-04-14

Updated

2017-10-11

CVE-2004-0405

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions CVS versions prior to 1.11.14

Description The issue allows attackers to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests. This can lead to a breach of confidentiality of protected information. Exploitation of the issue can be done remotely.

Recommendations For versions prior to 1.11.14, update to version 1.11.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the CVS client requests to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-09449

CVE-2004-0405

DSA-486

RHSA-2004:153

Affected Products

Cvs

PT-2004-1090 · Cvs · Cvs

CVE-2004-0405

Related Identifiers

Affected Products

References · 14