Deluge CVE-2017-9031 Directory Traversal Vulnerability



Deluge is prone to a directory-traversal vulnerability.

Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information. This may aid in further attacks.

Versions prior to Deluge 1.3.15 are vulnerable.

Information

Bugtraq ID: 99099
Class: Input Validation Error
CVE: CVE-2017-9031

Remote: Yes
Local: No
Published: Jun 16 2017 12:00AM
Updated: Jun 16 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: openSUSE Leap 42.2
deluge-torrent deluge 1.3.14
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64


Not Vulnerable: deluge-torrent deluge 1.3.15


Exploit


An attacker can exploit this issue using a web browser.


Related Posts

Comments