FKIE_CVE-2008-5905

Vulnerability from fkie_nvd - Published: 2009-01-15 17:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request.
References
cve@mitre.orghttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178
cve@mitre.orghttp://ktorrent.org/?q=node/23Vendor Advisory
cve@mitre.orghttp://openwall.com/lists/oss-security/2009/01/08/1
cve@mitre.orghttp://secunia.com/advisories/32442Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/32447Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/33675
cve@mitre.orghttp://secunia.com/advisories/34003
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200902-05.xml
cve@mitre.orghttp://www.securityfocus.com/bid/31927
cve@mitre.orghttp://www.ubuntu.com/usn/USN-711-1
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2911
cve@mitre.orghttps://bugs.gentoo.org/show_bug.cgi?id=244741
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/46117
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178
af854a3a-2127-422b-91ae-364da2661108http://ktorrent.org/?q=node/23Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2009/01/08/1
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32442Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32447Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33675
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34003
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200902-05.xml
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31927
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-711-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2911
af854a3a-2127-422b-91ae-364da2661108https://bugs.gentoo.org/show_bug.cgi?id=244741
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/46117
Impacted products
Vendor Product Version
ktorrent ktorrent *
ktorrent ktorrent 0.9
ktorrent ktorrent 1.0
ktorrent ktorrent 1.1
ktorrent ktorrent 1.2
ktorrent ktorrent 1.2
ktorrent ktorrent 1.2
ktorrent ktorrent 2.0
ktorrent ktorrent 2.0
ktorrent ktorrent 2.0
ktorrent ktorrent 2.0.1
ktorrent ktorrent 2.0.2
ktorrent ktorrent 2.0.3
ktorrent ktorrent 2.1
ktorrent ktorrent 2.1
ktorrent ktorrent 2.1
ktorrent ktorrent 2.1.1
ktorrent ktorrent 2.1.2
ktorrent ktorrent 2.1.3
ktorrent ktorrent 2.1.4
ktorrent ktorrent 2.2
ktorrent ktorrent 2.2
ktorrent ktorrent 2.2
ktorrent ktorrent 2.2.1
ktorrent ktorrent 2.2.2
ktorrent ktorrent 2.2.3
ktorrent ktorrent 2.2.4
ktorrent ktorrent 2.2.5
ktorrent ktorrent 2.2.6
ktorrent ktorrent 2.2.7
ktorrent ktorrent 2.2.8
ktorrent ktorrent 3.0
ktorrent ktorrent 3.0
ktorrent ktorrent 3.0.0
ktorrent ktorrent 3.0.1
ktorrent ktorrent 3.0.2
ktorrent ktorrent 3.1.1
ktorrent ktorrent 3.1.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8025283-BC2B-4B33-8870-4339B8E72885",
              "versionEndIncluding": "3.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C135250-74F9-407F-BF3F-74AC0B6283BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DBF924C-9DC8-49A3-809D-C9C2D166FCF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B98B1318-4EDB-49F5-B39F-536B7D4F9D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3FEFCAD-9F02-4DD7-BEB2-CCF76BE4CD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:1.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5ABF1AF9-F645-4E38-AD21-43F363CDC774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:1.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F76C3120-59ED-4B34-9138-C5E12C3A43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE350CBD-5B58-4C3E-80C4-CF2689B590B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "3D2C64FA-B341-42F7-AD05-663B2D1C89E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1F74623A-DB49-42F1-A82A-851C36F3F2A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1A49AEA-0406-4B77-A613-0872A129E020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBC44F4-D3F3-4140-A7B6-58DCF0CB95DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "009FC942-5A24-4C09-BB0F-990EF13C3BEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80D1BCF4-1215-4284-9167-409C9F2D3686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.1:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "01FC83B5-1A34-4E54-BC05-27903C8D76C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "52FAF04B-8043-495A-B68D-BEC80707D7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D124FEE2-D7D8-4F22-89A0-0DEB23C118F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65074E3F-BD29-4D38-9A82-44AE5CCBA1B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "332E5BA7-E581-4256-BE23-9DE0A93ECC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6760D0F-EBDC-4357-8A1F-330AED46C27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89958A00-844E-4AC6-B9F9-128F4ED2BFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B2EE31B1-612F-47AF-A003-434B73D09CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7323A1A4-6AD8-45D1-92C9-A485A2404453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1984EEE-7555-417C-A068-A95D9E87DB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A00B1A7-2C05-49A0-AD87-E0016E9AD8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "44495B44-7EBD-4443-98D4-203EADFBD96D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D10469C7-FDAF-45B9-91AD-E083385D940C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8F37F5-B52A-4302-AE36-BD3677E57B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9B5D785-ADF8-4929-BC0B-3DB7BC5A9A7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7093A493-B85B-461C-A1A3-21117418B9F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ADAB09F-3A65-43F2-9772-811D26E3AA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "87174F64-B01F-4D76-BEC0-630512C437B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E9A0A18F-1FA6-4D99-AD43-D7D61B8C844F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CC400A2-4ED0-4361-BF3E-7029182B9D83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D4295F0-17C9-4975-9AD5-97D283CB5C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01004DB-5098-43C0-9EFA-BD5E56411632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EF76451-B112-4836-B8BF-7E74B1252192",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ktorrent:ktorrent:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "484C3B3E-0971-4C11-9815-A90B450159D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request."
    },
    {
      "lang": "es",
      "value": "El plugin del interfaz web en KTorrent anteriores a v3.1.4 permitir\u00eda a atacantes remotos evitar las restricciones de acceso previstas y subir ficheros torrent, e iniciar la descarga y sembrado a trav\u00e9s de una petici\u00f3n HTTP POST manipulada."
    }
  ],
  "id": "CVE-2008-5905",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-01-15T17:30:00.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://ktorrent.org/?q=node/23"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2009/01/08/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32442"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32447"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33675"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34003"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200902-05.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/31927"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-711-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2911"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=244741"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://ktorrent.org/?q=node/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2009/01/08/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33675"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200902-05.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31927"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-711-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2911"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=244741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46117"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.