| VID |
21609 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The relevant Web server allows a remote attacker to obtain the CVS/Entries file. The Entries file shows all the files and directories users normally can't see or even scan for. If it exposes the directory layout and all file names of your website, this flaw can be a huge security risk.
CVS (Concurrent Versions System) is an open-source source code management and distribution system. A lot of people use CVS to manage their web content.
* Platforms Affected:
Any operating system Any version |
| Recommendation |
Change permissions on the affected Web server to deny access to the CVS/Entries file. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
