Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6587

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-6587
Last Modified 06 Apr 2009 12:00:00
Published 03 Apr 2009 02:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6587

Summary

Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze (formerly Azureus HTML WebUI), probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter.

Vulnerable Systems

Application

  • Vuze 0.7.6


References

XF - torrentflux-admin-csrf(41926)

BID - 28848

BUGTRAQ - 20080418 BitTorrent Clients and CSRF


Last Updated: 27 May 2016 10:49:14