Short Name |
APP:CVS:CVS-FILE-INFO |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
APP |
Keywords |
CVS File Existence Information Leak |
Release Date |
2004/09/01 |
Update Number |
1213 |
Supported Platforms |
idp-4.1+, isg-3.5+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects CVS sessions using the undocumented "-X" flag, which enables a user to save the command history to a user-defined file. Malicious users can use this flag to determine the existence of files on the CVS server. Note: File contents are not readable through this method.
CVS is reported prone to an information disclosure vulnerability in an undocumented 'history' command flag. This vulnerability presents itself when a remote attacker connects to a CVS pserver via TCP. An attacker may utilize the history command to issue requests that will return information about files readable by the CVS server process. This vulnerability may aid an attacker in further compromise of the server. Versions of CVS prior to 1.11.17 and prior to 1.12.9 are reportedly vulnerable.