Lucene search

MitreCVE-2014-6029

HistorySep 05, 2014 - 2:55 p.m.

CVE-2014-6029

2014-09-0514:55:04

CWE-20

mitre

web.nvd.nist.gov

torrentflux

2.4

remote authenticated users

delete

modify

cid parameter

editcookies action

profile.php

nvd

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

70.9%

JSON

TorrentFlux 2.4 allows remote authenticated users to delete or modify other users’ cookies via the cid parameter in an editCookies action to profile.php.

Affected configurations

Nvd

Node

torrentflux_projecttorrentfluxMatch2.4

VendorProductVersionCPE
torrentflux_projecttorrentflux2.4cpe:2.3:a:torrentflux_project:torrentflux:2.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
torrentflux_project	torrentflux	2.4	cpe:2.3:a:torrentflux_project:torrentflux:2.4:::::::*

References

www.openwall.com/lists/oss-security/2014/08/29/5

www.openwall.com/lists/oss-security/2014/09/02/3

www.securitytracker.com/id/1030791

bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

70.9%

JSON

Related for CVE-2014-6029