Nessus Plugin #14287
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
CVSTrac invalid ticket DoS
- Family:
- CGI abuses
- Category:
- infos
- Copyright:
- This script is Copyright (C) 2004 David Maciejak
- Summary:
- Checks for CVSTrac version
- Version:
- $Revision: 1.5 $
- Cve_id:
- -
- Bugtraq_id:
- -
- Xrefs:
- OSVDB:8644
- Description:
The remote host seems to be running cvstrac,
a web-based bug and patch-set tracking system for CVS.
This version contains a flaw related to invalid tickets
that may allow an attacker to cause the application to crash.
An attacker, exploiting this flaw, would be able to remotely
shut down the cvstrac server.
***** Nessus has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of CVSTrac
***** installed there.
Solution : Update to version 1.1.4 or disable this CGI suite
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.