Deluge WebUI Directory Traversal Vulnerability Fixed by 1.3.15


Description   A directory traversal vulnerability has been identified in the Web interface of the Deluge client. A remote attacker could exploit it in order to obtain sensitive information via a specially crafted request. This vulnerability stems from a lack of validation upon user-supplied input.
     
Vulnerable Products   Vulnerable OS:
GNU/Linux (Debian) - 7, 8
     
Solution   Fixed deluge packages for Debian Jessie 8 are available.
     
CVE   CVE-2017-9031
     
References   - deluge-torrent.org : Deluge 1.3.15
http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15
- Debian Security Tracker : deluge
https://security-tracker.debian.org/tracker/CVE-2017-9031
- DLA 943-1 : deluge security update
https://lists.debian.org/debian-lts-announce/2017/05/msg00014.html
- DSA 3856-1 : deluge security update
https://lists.debian.org/debian-security-announce/2017/msg00116.html
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm   Directory traversal
Available Since   3.2.0
     


 
 
 
 
Risk level   Low

Vulnerability First Public Report Date   2017-05-12

Target Type   Client

Possible exploit   Remote