CVE-2004-0405

NONE EPSS 81.7%
Published Jun 1, 2004
Last Modified Jun 16, 2026

Description

CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.

Threat Intelligence

EPSS Exploit Probability
81.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 1

Vendor  Product  Version  Range
cvs     cvs      *        ≤1.10

References 9

  • ftp.freebsd.org ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc
    Patch, Vendor Advisory
  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
    Patch, Vendor Advisory
  • marc.info http://marc.info/?l=bugtraq&m=108636445031613&w=2
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200404-13.xml
  • debian.org http://www.debian.org/security/2004/dsa-486
    Patch, Vendor Advisory
  • slackware.com http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/15891
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818

Remediation

  • ftp.freebsd.org ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc
    Patch, Vendor Advisory
  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2004/dsa-486
    Patch, Vendor Advisory