• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

CVS Undocumented History Flag Information Disclosure Vulnerability

CVS is reported prone to an information disclosure vulnerability in an undocumented 'history' command flag.

This vulnerability presents itself when a remote attacker connects to a CVS pserver via TCP. An attacker may utilize the history command to issue requests that will return information about files readable by the CVS server process.

This vulnerability may aid an attacker in further compromise of the server.

Versions of CVS prior to 1.11.17 and prior to 1.12.9 are reportedly vulnerable.