CVE-2004-0405

Current Description

CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.

Referenced by CVEs: CVE-2004-0180

Basic Data

Published: June 01, 2004
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Cvs | Cvs | * | * | * | * | * | * | * | * | | 1.10 | |

Vulnerable Software List

Vendor | Product | Versions
Cvs | Cvs | *

References

Name | Source | URL | Tags
FreeBSD-SA-04:07 | FREEBSD | ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc | PATCH Vendor Advisory
20040404-01-U | SGI | ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc | PATCH Vendor Advisory
FEDORA-2004-1620 | FEDORA | http://marc.info/?l=bugtraq&m=108636445031613&w=2 |
GLSA-200404-13 | GENTOO | http://security.gentoo.org/glsa/glsa-200404-13.xml |
DSA-486 | DEBIAN | http://www.debian.org/security/2004/dsa-486 | PATCH Vendor Advisory
SSA:2004-108-02 | SLACKWARE | http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181 |
cvs-dotdot-directory-traversal(15891) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/15891 |
oval:org.mitre.oval:def:1060 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060 |
oval:org.mitre.oval:def:10818 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818 |