Detections
Analytics
ViewCVS < 1.0.0 Multiple Vulnerabilities
medium Nessus Plugin ID 16062
Language:
Synopsis
The remote web server is affected by cross-site scripting issues.Description
The remote host is running ViewCVS, a tool to browse CVS repositories over the web written in python.Flaws in the remote version of this website may allow an attacker to launch cross-site scripting and/or HTTP response-splitting attacks against the remote install.
Solution
Upgrade to ViewCVS 1.0.0 or newer.See Also
Plugin Details
Severity: Medium
ID: 16062
File Name: viewcvs_http_response_splitting.nasl
Version: 1.25
Type: remote
Family: CGI abuses
Published: 12/28/2004
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/a:viewcvs:viewcvs
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Vulnerability Publication Date: 12/29/2003