CVE-2004-0405
NONE EPSS 81.7%
Published Jun 1, 2004 22y ago
Last Modified Jun 16, 2026 2w ago
Description
CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.
Threat Intelligence
EPSS Exploit Probability
81.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| cvs | cvs | * | ≤1.10 |
References 9
- ftp.freebsd.org ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
- marc.info http://marc.info/?l=bugtraq&m=108636445031613&w=2
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200404-13.xml
- debian.org http://www.debian.org/security/2004/dsa-486
- slackware.com http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/15891
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1060
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10818
Remediation
- ftp.freebsd.org ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
- debian.org http://www.debian.org/security/2004/dsa-486