CVS (Web-Based) Directory Spider

medium Nessus Plugin ID 25758

Synopsis

The remote web server may be affected by an information disclosure vulnerability.

Description

The CVS directory contains the standard CVS file 'Entries'.

Using this file, part of the contents of the document root of the web server can be obtained. This allows an attacker to search for sensitive information located in the document root of the web server.

Solution

Do not place the CVS-directory in the document root. Use the CVS export function to create deployable code.

Plugin Details

Severity: Medium

ID: 25758

File Name: cvs_directory_spider.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 7/24/2007

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning