VID 21358
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The CVSTrac installed on the Web server, according to its version number, has multiple vulnerabilities.
CVSTrac is a Web-based bug and patch tracking system for CVS (Concurrent Version Service). CVSTrac version 1.0.5 and earlier are affected by the following vulnerabilities:

- CVSROOT/passwd Arbitrary Account Deletion Vulnerability: A remote attacker could use this vulnerability to overwrite a critical file, gaining elevated access and potentially control over other user accounts.
- Plaintext Password Disclosure Vulnerability: A remote attacker could gain access to plaintext passwords.

* Note: This check relies solely on the version number of the remote CVSTrac installed on the web server to assess this vulnerability, so it may be a false positive.

* References:
http://www.osvdb.org/displayvuln.php?osvdb_id=8641
http://www.osvdb.org/displayvuln.php?osvdb_id=8642

* Platforms Affected:
Open Source Development, CVSTrac 1.0.5 and earlier
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of CVSTrac (1.1.4 or later) from the CVSTrac Download site at http://www.cvstrac.org/cvstrac/wiki?p=DownloadCvstrac
Related URL (CVE)
Related URL (SecurityFocus)
Related URL (ISS)