MEDIUM · 6.8

CVE-2007-5987

Vulnerability Description

details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.

CVSS Score

6.8

MEDIUM

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor: Bti-Tracker
Product: Bti-Tracker
Versions: <= 1.3.2

Related Weaknesses (CWE)

References

FAQ

What is CVE-2007-5987?

CVE-2007-5987 is a vulnerability with a CVSS score of 6.8 (MEDIUM). details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.

How severe is CVE-2007-5987?

CVE-2007-5987 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2007-5987?

Check the references section above for vendor advisories and patch information. Affected products include: Bti-Tracker Bti-Tracker.