Deluge CVE-2017-9031 Directory Traversal Vulnerability

Deluge is prone to a directory-traversal vulnerability.

Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information. This may aid in further attacks.

Versions prior to Deluge 1.3.15 are vulnerable.

Information

Bugtraq ID: 99099
Class: Input Validation Error
CVE: CVE-2017-9031

Remote: Yes
Local: No
Published: Jun 16 2017 12:00AM
Updated: Jun 16 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: openSUSE Leap 42.2
deluge-torrent deluge 1.3.14
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64

Not Vulnerable: deluge-torrent deluge 1.3.15

Exploit

An attacker can exploit this issue using a web browser.

References:

[WebUI] Check render template files exist and raise 404 if not (deluge)
Deluge 1.3.15 (Deluge)
Deluge Homepage (deluge)
deluge: CVE-2017-9031: directory traversal attack vulnerability (Debian)

Source: www.securityfocus.com

Exploit Collector

Search Exploit