CVE-2004-0778
First published: Wed Aug 18 2004(Updated: )
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nongnu CVS | >=1.11.0<1.11.17 | |
| Nongnu CVS | >=1.12.0<1.12.9 | |
| Distrotech Cvs | =1.10.6 | |
| Distrotech Cvs | =1.10.7 | |
| Distrotech Cvs | =1.10.8 | |
| Distrotech Cvs | =1.11 | |
| Distrotech Cvs | =1.11.1 | |
| Distrotech Cvs | =1.11.1_p1 | |
| Distrotech Cvs | =1.11.2 | |
| Distrotech Cvs | =1.11.3 | |
| Distrotech Cvs | =1.11.4 | |
| Distrotech Cvs | =1.11.5 | |
| Distrotech Cvs | =1.11.6 | |
| Distrotech Cvs | =1.11.10 | |
| Distrotech Cvs | =1.11.11 | |
| Distrotech Cvs | =1.11.14 | |
| Distrotech Cvs | =1.11.15 | |
| Distrotech Cvs | =1.11.16 | |
| Distrotech Cvs | =1.12.1 | |
| Distrotech Cvs | =1.12.2 | |
| Distrotech Cvs | =1.12.5 | |
| Distrotech Cvs | =1.12.7 | |
| Distrotech Cvs | =1.12.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities
- http://www.kb.cert.org/vuls/id/579225
- http://www.securityfocus.com/bid/10955
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:108
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17001
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10688
Frequently Asked Questions
What is the severity of CVE-2004-0778?
CVE-2004-0778 is considered a moderate severity vulnerability that allows remote attackers to detect the existence of arbitrary files and directories.
How do I fix CVE-2004-0778?
To fix CVE-2004-0778, upgrade CVS to version 1.11.17 or later for 1.11.x series and version 1.12.9 or later for 1.12.x series.
What systems are affected by CVE-2004-0778?
CVE-2004-0778 affects various versions of CVS including 1.10.6 through 1.12.8.
Can CVE-2004-0778 be exploited remotely?
Yes, CVE-2004-0778 can be exploited remotely, allowing attackers to gather information about file structures.
What is the main impact of CVE-2004-0778?
The main impact of CVE-2004-0778 is the disclosure of file existence, which could lead to further attacks on the system.
- agent/references
- agent/type
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- collector/nvd-historical
- vendor/gnu
- canonical/nongnu cvs
- version/nongnu cvs/1.11.0
- version/nongnu cvs/1.12.0
- vendor/cvs
- canonical/distrotech cvs
- version/distrotech cvs/1.10.6
- version/distrotech cvs/1.10.7
- version/distrotech cvs/1.10.8
- version/distrotech cvs/1.11
- version/distrotech cvs/1.11.1
- version/distrotech cvs/1.11.1_p1
- version/distrotech cvs/1.11.2
- version/distrotech cvs/1.11.3
- version/distrotech cvs/1.11.4
- version/distrotech cvs/1.11.5
- version/distrotech cvs/1.11.6
- version/distrotech cvs/1.11.10
- version/distrotech cvs/1.11.11
- version/distrotech cvs/1.11.14
- version/distrotech cvs/1.11.15
- version/distrotech cvs/1.11.16
- version/distrotech cvs/1.12.1
- version/distrotech cvs/1.12.2
- version/distrotech cvs/1.12.5
- version/distrotech cvs/1.12.7
- version/distrotech cvs/1.12.8