CVE-2003-0977

9 documents8 sources

Severity

7.5HIGH

EPSS

1.9%

top 16.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

CVS CVS Slackware Slackware Linux

Timeline

PublishedJan 5

Latest updateMay 3

Description

CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶Debiancvs< 1:1.11.10+3

▶NVDcvs/cvs10 versions+9

▶NVDslackware/slackware_linux8.1, 9.0, 9.1+2

Patches

Patch: ccvs.cvshome.org ↗Patch: www.debian.org ↗Patch: ccvs.cvshome.org ↗

🔴Vulnerability Details

GHSA

GHSA-4jrq-7cgx-qq88: CVS server before 1↗2022-05-03

▶

OSV

CVE-2003-0977: CVS server before 1↗2004-01-05

▶

CVEList

CVE-2003-0977: CVS server before 1↗2003-12-10

▶

🔍Detection Rules

Suricata

GPL MISC CVS non-relative path error response↗2010-09-23

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-12-17

▶

Debian

CVE-2003-0977: cvs - CVS server before 1.11.10 may allow attackers to cause the CVS server to create ...↗2003

▶

💬Community

Bugzilla

CVE-2003-0977 security flaw↗2018-08-16

▶

Bugzilla

CAN-2003-0977 fix pushed for RH9, but not FC1↗2004-03-20

▶