CVE-2004-0180 : The client for CVS before 1.11 allows a remote malicious CVS server to create ar

The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.

Published 2004-06-01 04:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2004-0180

CVS » CVS
Versions up to, including, (<=) 1.10
cpe:2.3:a:cvs:cvs:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-0180

EPSS FAQ

3.95%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 87 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-0180

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.6	LOW	AV:N/AC:H/Au:N/C:N/I:P/A:N	4.9	2.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2004-0180

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181

The Slackware Linux Project: Slackware Security Advisories

CVEs referencing this url
http://secunia.com/advisories/11400

About Secunia Research | Flexera
http://secunia.com/advisories/11548

About Secunia Research | Flexera
https://exchange.xforce.ibmcloud.com/vulnerabilities/15864

CVS RCS diff command file creation CVE-2004-0180 Vulnerability Report
http://secunia.com/advisories/11368

About Secunia Research | Flexera
ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200404-13.xml

CVS Server and Client Vulnerabilities (GLSA 200404-13) — Gentoo security

CVEs referencing this url
http://secunia.com/advisories/11374

About Secunia Research | Flexera
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042

404 Not Found
http://www.redhat.com/support/errata/RHSA-2004-153.html

Support
Patch;Vendor Advisory
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc

Patch;Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/11380

About Secunia Research | Flexera
http://www.redhat.com/support/errata/RHSA-2004-154.html

Support
Patch;Vendor Advisory
http://secunia.com/advisories/11375

About Secunia Research | Flexera
http://secunia.com/advisories/11391

About Secunia Research | Flexera
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462

404 Not Found
http://www.debian.org/security/2004/dsa-486

Debian -- The Universal Operating System
Patch;Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/11405

About Secunia Research | Flexera
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch
http://www.mandriva.com/security/advisories?name=MDKSA-2004:028

Mandriva
http://marc.info/?l=bugtraq&m=108636445031613&w=2

'[FLSA-2004:1620] Updated cvs resolves security vulnerabilities' - MARC

CVEs referencing this url
http://secunia.com/advisories/11371

About Secunia Research | Flexera
http://secunia.com/advisories/11377

About Secunia Research | Flexera

Jump to

Vulnerability Details : CVE-2004-0180

Products affected by CVE-2004-0180

Exploit prediction scoring system (EPSS) score for CVE-2004-0180

CVSS scores for CVE-2004-0180

References for CVE-2004-0180