GForge Multiple Script Traversal Arbitrary Directory Listing
Article ID: 16225
Last updated: 27 Jan, 2009
Posted: 22 Jan, 2009 by Tech Pubs S.
Updated: 27 Jan, 2009 by Tech Pubs S.
This script is Copyright (C) 2005-2009 Tenable Network Security, Inc.
Family: CGI abuses
Plugin ID: 16225
Bugtraq ID: 12318
CVE ID: CVE-2005-0299
Description:
The remote host is running GForge, a CVS repository browser written in PHP.
The remote version of this software is affected by an information disclosure vulnerability.
By supplying a malformed parameter to the scripts controller.php and controlleroo.php, an attacker may force the remote CGI to disclose the contents of arbitrary directories stored on the remote host.
Solution: Upgrade to GForge 4.0.0 or newer.
Risk factor: Medium