Input validation error in TorrentFlux - CVE-2014-6029
Published: September 5, 2014 / Updated: August 10, 2020
Vulnerability identifier: #VU41351
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-6029
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: torrentflux.com
Affected software:
TorrentFlux
Detailed vulnerability description
The vulnerability allows a remote authenticated user to manipulate or delete data.
TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php.
How to mitigate CVE-2014-6029
Install update from vendor's website.