CVE-2008-5905

Sažetak

The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178
http://ktorrent.org/?q=node/23
http://openwall.com/lists/oss-security/2009/01/08/1
http://secunia.com/advisories/32442
http://secunia.com/advisories/32447
http://secunia.com/advisories/33675
http://secunia.com/advisories/34003
http://security.gentoo.org/glsa/glsa-200902-05.xml
http://www.securityfocus.com/bid/31927
http://www.ubuntu.com/usn/USN-711-1
http://www.vupen.com/english/advisories/2008/2911
https://bugs.gentoo.org/show_bug.cgi?id=244741
https://exchange.xforce.ibmcloud.com/vulnerabilities/46117

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

08-08-2017 - 01:33

Objavljeno

15-01-2009 - 17:30