cvs vulnerability

2012-02-2200:00:00

ubuntu.com

6.9 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.8%

JSON

Releases

Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.10
Ubuntu 10.04

Packages

cvs - Concurrent Versions System

Details

It was discovered that cvs incorrectly handled certain responses from
proxy servers. If a user were tricked into connecting to a malicious proxy
server, a remote attacker could cause cvs to crash, or possibly execute
arbitrary code.

OSVersionArchitecturePackageVersionFilename
Ubuntu11.10noarchcvs< 2:1.12.13+real-6ubuntu0.1UNKNOWN
Ubuntu11.04noarchcvs< 1:1.12.13-12ubuntu1.11.04.1UNKNOWN
Ubuntu10.10noarchcvs< 1:1.12.13-12ubuntu1.10.10.1UNKNOWN
Ubuntu10.04noarchcvs< 1:1.12.13-12ubuntu1.10.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	11.10	noarch	cvs	< 2:1.12.13+real-6ubuntu0.1	UNKNOWN
Ubuntu	11.04	noarch	cvs	< 1:1.12.13-12ubuntu1.11.04.1	UNKNOWN
Ubuntu	10.10	noarch	cvs	< 1:1.12.13-12ubuntu1.10.10.1	UNKNOWN
Ubuntu	10.04	noarch	cvs	< 1:1.12.13-12ubuntu1.10.04.1	UNKNOWN