CVE-2009-1757 (retired)

Priority
Description
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before
1.53 and 1.6 before 1.61 allows remote attackers to hijack the
authentication of unspecified victims via unknown vectors.
Notes
 jdstrand> 8.04 LTS does not provide a web interface
 jdstrand> 9.04 switched http implementations from shttpd to evhttpd. As a
  result, the upstream patch is not valid on 8.10 and a new patch needs to be
  written from scratch. The web interface in 8.10 is considered beta and is
  disabled by default. The web interface must be enabled and the user must
  be tricked into navigating his/her browser to a malicious site while
  transmission is running.
Assigned-to
jdstrand
Package
Upstream:released (1.53, 1.61)
Patches:
Upstream:http://trac.transmissionbt.com/changeset/8378
More Information

Updated: 2019-09-19 15:15:18 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)