exploitDog

CVE-2000-0680

Опубликовано: 20 окт. 2000

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.

Ссылки

http://www.securityfocus.com/bid/1524
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/1524
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00363

Низкий

7.2 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-jhvw-wg26-wj9c

github

больше 3 лет назад

The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.

EPSS

Процентиль: 58%

0.00363

Низкий

7.2 High

CVSS2

Дефекты

NVD-CWE-Other