1. CVE-Search
  2. CVE-2018-5702
ID CVE-2018-5702
Summary Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
References
Vulnerable Configurations
  • cpe:2.3:a:transmissionbt:transmission:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.70:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.70:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.71:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.71:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.72:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.72:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.80:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.80:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.81:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.81:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.82:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.82:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.90:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.90:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.91:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.92:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.92:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.93:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.93:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.94:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.94:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.95:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.95:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:0.96:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:0.96:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.00:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.00:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.01:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.01:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.02:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.02:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.03:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.03:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.04:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.04:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.05:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.05:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.06:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.06:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.10:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.11:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.20:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.21:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.30:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.30:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.31:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.31:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.32:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.32:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.33:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.33:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.40:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.40:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.41:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.41:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.42:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.42:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.50:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.50:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.51:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.51:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.52:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.52:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.53:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.53:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.54:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.54:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.60:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.60:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.61:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.61:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.70:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.70:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.71:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.71:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.72:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.72:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.73:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.73:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.74:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.74:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.77:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.77:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.80:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.80:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.81:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.81:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.82:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.82:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.83:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.83:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.90:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.90:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.92:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.92:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:1.93:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:1.93:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.00:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.00:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.01:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.01:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.02:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.02:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.03:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.03:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.04:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.04:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.10:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.11:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.12:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.13:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.20:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.21:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.21:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.22:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.30:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.30:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.31:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.31:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.32:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.32:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.33:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.33:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.40:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.40:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.41:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.41:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.42:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.42:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.50:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.50:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.51:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.51:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.52:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.52:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.60:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.60:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.61:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.61:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.70:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.70:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.71:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.71:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.72:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.72:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.73:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.73:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.74:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.74:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.75:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.75:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.76:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.76:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.77:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.77:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.80:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.80:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.81:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.81:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.82:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.82:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.83:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.83:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.84:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.84:*:*:*:*:*:*:*
  • cpe:2.3:a:transmissionbt:transmission:2.92:*:*:*:*:*:*:*
    cpe:2.3:a:transmissionbt:transmission:2.92:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
debian DSA-4087
exploit-db 43665
gentoo GLSA-201806-07
misc
mlist [debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update
Last major update 03-10-2019 - 00:03
Published 15-01-2018 - 16:29
Last modified 03-10-2019 - 00:03
Back to Top