CVE-2004-0778

Name of the Vulnerable Software and Affected Versions CVS versions 1.11.x through 1.11.16 CVS versions 1.12.x through 1.12.8

Description The issue allows remote attackers to determine the existence of arbitrary files and directories. This is achieved via the -X command for an alternate history file, which causes different error messages to be returned, thus revealing the presence of specific files or directories.

Recommendations For CVS versions 1.11.x through 1.11.16, update to version 1.11.17 or later. For CVS versions 1.12.x through 1.12.8, update to version 1.12.9 or later.