Описание
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.2-0ubuntu5.2 |
| devel | not-affected | |
| edgy | released | 2.0.3+dfsg1-0ubuntu1.2 |
| feisty | released | 2.1-0ubuntu2.1 |
| upstream | released | 2.1.3 |
Показывать по
EPSS
6.4 Medium
CVSS2
Связанные уязвимости
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384.
Directory traversal vulnerability in torrent.cpp in KTorrent before 2. ...
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384.
EPSS
6.4 Medium
CVSS2