Lucene search

[email protected]NVD:CVE-2008-5905

HistoryJan 15, 2009 - 5:30 p.m.

CVE-2008-5905

2009-01-1517:30:00

CWE-264

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.8%

JSON

The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request.

Affected configurations

NVD

Node

ktorrentktorrentRange≤3.1.3

ktorrentktorrentMatch0.9

ktorrentktorrentMatch1.0

ktorrentktorrentMatch1.1

ktorrentktorrentMatch1.2

ktorrentktorrentMatch1.2rc1

ktorrentktorrentMatch1.2rc2

ktorrentktorrentMatch2.0

ktorrentktorrentMatch2.0beta1

ktorrentktorrentMatch2.0rc1

ktorrentktorrentMatch2.0.1

ktorrentktorrentMatch2.0.2

ktorrentktorrentMatch2.0.3

ktorrentktorrentMatch2.1

ktorrentktorrentMatch2.1beta1

ktorrentktorrentMatch2.1rc1

ktorrentktorrentMatch2.1.1

ktorrentktorrentMatch2.1.2

ktorrentktorrentMatch2.1.3

ktorrentktorrentMatch2.1.4

ktorrentktorrentMatch2.2

ktorrentktorrentMatch2.2beta1

ktorrentktorrentMatch2.2rc1

ktorrentktorrentMatch2.2.1

ktorrentktorrentMatch2.2.2

ktorrentktorrentMatch2.2.3

ktorrentktorrentMatch2.2.4

ktorrentktorrentMatch2.2.5

ktorrentktorrentMatch2.2.6

ktorrentktorrentMatch2.2.7

ktorrentktorrentMatch2.2.8

ktorrentktorrentMatch3.0beta1

ktorrentktorrentMatch3.0rc1

ktorrentktorrentMatch3.0.0

ktorrentktorrentMatch3.0.1

ktorrentktorrentMatch3.0.2

ktorrentktorrentMatch3.1.1

ktorrentktorrentMatch3.1.2

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178

ktorrent.org/?q=node/23

openwall.com/lists/oss-security/2009/01/08/1

secunia.com/advisories/32442

secunia.com/advisories/32447

secunia.com/advisories/33675

secunia.com/advisories/34003

security.gentoo.org/glsa/glsa-200902-05.xml

www.securityfocus.com/bid/31927

www.ubuntu.com/usn/USN-711-1

www.vupen.com/english/advisories/2008/2911

bugs.gentoo.org/show_bug.cgi?id=244741

exchange.xforce.ibmcloud.com/vulnerabilities/46117

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.8%

JSON

Related for NVD:CVE-2008-5905

debiancve1 cve1 cvelist1 ubuntucve1 prion1 redhatcve1 nessus2 gentoo1 ubuntu1 openvas7