First published: Wed Aug 18 2004(Updated: )
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Nongnu CVS | >=1.11.0<1.11.17 | |
Nongnu CVS | >=1.12.0<1.12.9 | |
Distrotech Cvs | =1.10.6 | |
Distrotech Cvs | =1.10.7 | |
Distrotech Cvs | =1.10.8 | |
Distrotech Cvs | =1.11 | |
Distrotech Cvs | =1.11.1 | |
Distrotech Cvs | =1.11.1_p1 | |
Distrotech Cvs | =1.11.2 | |
Distrotech Cvs | =1.11.3 | |
Distrotech Cvs | =1.11.4 | |
Distrotech Cvs | =1.11.5 | |
Distrotech Cvs | =1.11.6 | |
Distrotech Cvs | =1.11.10 | |
Distrotech Cvs | =1.11.11 | |
Distrotech Cvs | =1.11.14 | |
Distrotech Cvs | =1.11.15 | |
Distrotech Cvs | =1.11.16 | |
Distrotech Cvs | =1.12.1 | |
Distrotech Cvs | =1.12.2 | |
Distrotech Cvs | =1.12.5 | |
Distrotech Cvs | =1.12.7 | |
Distrotech Cvs | =1.12.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2004-0778 is considered a moderate severity vulnerability that allows remote attackers to detect the existence of arbitrary files and directories.
To fix CVE-2004-0778, upgrade CVS to version 1.11.17 or later for 1.11.x series and version 1.12.9 or later for 1.12.x series.
CVE-2004-0778 affects various versions of CVS including 1.10.6 through 1.12.8.
Yes, CVE-2004-0778 can be exploited remotely, allowing attackers to gather information about file structures.
The main impact of CVE-2004-0778 is the disclosure of file existence, which could lead to further attacks on the system.