CVE-2009-1757
Published 2009-05-22
CVE-2009-1757: Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of…
Priority P423 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.83% (53.1th percentile)
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | transmission | < transmission 1.61-1 (bookworm) | transmission 1.61-1 (bookworm) |
| transmissionbt | transmission | — | — |
| transmissionbt | transmission | — | — |
| transmissionbt | transmission | — | — |
| transmissionbt | transmission | — | — |
| transmissionbt | transmission | >= 0 < 1.61-1 | 1.61-1 |
| transmissionbt | transmission | >= 0 < 1.61-1 | 1.61-1 |
| transmissionbt | transmission | >= 0 < 1.61-1 | 1.61-1 |
| transmissionbt | transmission | >= 0 < 1.61-1 | 1.61-1 |
CVSS provenance
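| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 6.8 | MEDIUM | |
| vendor_debian | | 6.8 | LOW | |
| vendor_ubuntu | | 6.8 | MEDIUM | |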
Ubuntu
Transmission vulnerabilities
vendor_ubuntu·2010-01-18·CVSS 6.8
CVE-2010-0012 [MEDIUM] Transmission vulnerabilities
Title: Transmission vulnerabilities
Summary: Transmission vulnerabilities
It was discovered that the Transmission web interface was vulnerable to
cross-site request forgery (CSRF) attacks. If a user were tricked into
opening a specially crafted web page in a browser while Transmission was
running, an attacker could trigger commands in Transmission. This issue
affected Ubuntu 9.04. (CVE-2009-1757)
Dan Rosenberg discovered that Transmission did not properly perform input
validation when processing torrent files. If a user were tricked into
opening a crafted torrent file, an attacker could overwrite files via
directory traversal. (CVE-2010-0012)
Instructions: After a standard system upgrade you need to restart Transmission to effect
the necessary changes.
Debian
CVE-2009-1757: transmission - Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 ...
vendor_debian·2009·CVSS 6.8
CVE-2009-1757 [MEDIUM] CVE-2009-1757: transmission - Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 ...
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Scope: local
bookworm: resolved (fixed in 1.61-1)
bullseye: resolved (fixed in 1.61-1)
forky: resolved (fixed in 1.61-1)
sid: resolved (fixed in 1.61-1)
trixie: resolved (fixed in 1.61-1)
GHSA
GHSA-vrmj-xm8j-xcrr: Cross-site request forgery (CSRF) vulnerability in Transmission 1
ghsa_unreviewed·2022-05-02
CVE-2009-1757 [MEDIUM] CWE-352 GHSA-vrmj-xm8j-xcrr: Cross-site request forgery (CSRF) vulnerability in Transmission 1
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
OSV
CVE-2009-1757: Cross-site request forgery (CSRF) vulnerability in Transmission 1
osv·2009-05-22·CVSS 6.8
CVE-2009-1757 [MEDIUM] CVE-2009-1757: Cross-site request forgery (CSRF) vulnerability in Transmission 1
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
No detection rules found.
No public exploits indexed.
Published: 2009-05-22