Summary
The remote host has Aria2 installed and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow attackers to download files to directories outside of the intended download directory via directory traversal attacks.
Impact Level: Application
Solution
Upgrade to Aria2 1.9.3.
For updates, refer to http://sourceforge.net/projects/aria2/files/
Insight
The flaw is due to an error in the handling of metalink files. The 'name' attribute of a 'file' element in a metalink file is not properly sanitised.
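The kind of check the flaw description implies, shown as an added example (not Aria2's code and not part of the original advisory): it audits the 'name' attribute of every 'file' element and rejects names that would resolve outside the download directory. The sample metalink document and the function names `is_safe_name` and `audit_metalink` are constructed for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET

# Constructed Metalink 3.0 sample: one benign entry, three that leave the download dir.
SAMPLE_METALINK = """<metalink version="3.0" xmlns="http://www.metalinker.org/">
  <files>
    <file name="pkg/release.tar.gz"><resources/></file>
    <file name="../outside.txt"><resources/></file>
    <file name="docs/../../outside.txt"><resources/></file>
    <file name="/tmp/absolute.txt"><resources/></file>
  </files>
</metalink>
"""

def is_safe_name(name):
    """True if `name` stays inside the download directory when joined to it."""
    if not name or "\x00" in name:
        return False
    # Treat backslashes as separators too, so Windows-style paths are caught.
    unified = name.replace("\\", "/")
    if unified.startswith("/") or (len(unified) > 1 and unified[1] == ":"):
        return False  # absolute path or drive letter
    # Collapse "a/../b" style segments, then look for a leading parent reference.
    normalized = posixpath.normpath(unified)
    if normalized in (".", ".."):
        return False
    return not normalized.startswith("../")

def audit_metalink(xml_text):
    """Return (safe_names, rejected_names) for every <file> element."""
    root = ET.fromstring(xml_text)
    safe, rejected = [], []
    for elem in root.iter():
        # Match on the local tag name so any Metalink namespace is accepted.
        if elem.tag.rsplit("}", 1)[-1] != "file":
            continue
        name = elem.get("name", "")
        (safe if is_safe_name(name) else rejected).append(name)
    return safe, rejected

if __name__ == "__main__":
    safe, rejected = audit_metalink(SAMPLE_METALINK)
    print("accepted:", safe)
    print("rejected:", rejected)
```
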
Affected
Aria2 versions prior to 1.9.3
Severity
Classification
CVE: CVE-2010-1512
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N