CVE-2004-0778 — MEDIUM (5.0)

Q: How severe is CVE-2004-0778?

CVE-2004-0778 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2004-0778?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Cvs.

Vulnerability Description

CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Gnu	Cvs	>= 1.11.0, < 1.11.17

Related Weaknesses (CWE)

CWE-203

References

http://www.idefense.com/application/poi/display?id=130&type=vulnerabilitiesBroken LinkVendor Advisory
http://www.kb.cert.org/vuls/id/579225PatchThird Party AdvisoryUS Government Resource
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:108Broken Link
http://www.securityfocus.com/bid/10955Broken LinkPatchThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17001Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
http://www.idefense.com/application/poi/display?id=130&type=vulnerabilitiesBroken LinkVendor Advisory
http://www.kb.cert.org/vuls/id/579225PatchThird Party AdvisoryUS Government Resource
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:108Broken Link
http://www.securityfocus.com/bid/10955Broken LinkPatchThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17001Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link

FAQ

What is CVE-2004-0778?

CVE-2004-0778 is a vulnerability with a CVSS score of 5.0 (MEDIUM). CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which cause...

How severe is CVE-2004-0778?

CVE-2004-0778 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0778?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Cvs.