This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Tatsuhiro Tsujikawa | First view | 2009-10-20 |
| Product | aria2 | Last view | 2010-05-17 |
| Version | 0.9.0 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:tatsuhiro_tsujikawa:aria2 | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2010-05-17 | CVE-2010-1512 | Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. |
| 7.6 | 2009-10-20 | CVE-2009-3617 | Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-134 | Uncontrolled Format String |
| 50% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 64592 | aria2 metalink name Attribute Traversal Arbitrary File Creation |
| 59087 | aria2 src/AbstractCommand.cc AbstractCommand::onAbort Function Remote Format ... |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201101-04 (aria2) File : nvt/glsa_201101_04.nasl |
| 2010-06-03 | Name : Debian Security Advisory DSA 2047-1 (aria2) File : nvt/deb_2047_1.nasl |
| 2010-05-28 | Name : Fedora Update for aria2 FEDORA-2010-8908 File : nvt/gb_fedora_2010_8908_aria2_fc12.nasl |
| 2010-05-28 | Name : Fedora Update for aria2 FEDORA-2010-8915 File : nvt/gb_fedora_2010_8915_aria2_fc11.nasl |
| 2010-05-28 | Name : Mandriva Update for aria2 MDVSA-2010:106 (aria2) File : nvt/gb_mandriva_MDVSA_2010_106.nasl |
| 2010-05-25 | Name : Aria2 metalink 'name' Directory Traversal Vulnerability File : nvt/gb_aria2_metalink_dir_traversal_vuln.nasl |
| 2010-03-22 | Name : Mandriva Update for system-config-printer MDVA-2010:106 (system-config-printer) File : nvt/gb_mandriva_MDVA_2010_106.nasl |
| 2010-01-20 | Name : Gentoo Security Advisory GLSA 201001-06 (aria2) File : nvt/glsa_201001_06.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2011-01-17 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201101-04.nasl - Type: ACT_GATHER_INFO |
| 2010-09-14 | Name: The remote openSUSE host is missing a security update. File: suse_11_1_aria2-100902.nasl - Type: ACT_GATHER_INFO |
| 2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-8905.nasl - Type: ACT_GATHER_INFO |
| 2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-8908.nasl - Type: ACT_GATHER_INFO |
| 2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-8915.nasl - Type: ACT_GATHER_INFO |
| 2010-06-25 | Name: The remote openSUSE host is missing a security update. File: suse_11_2_aria2-100604.nasl - Type: ACT_GATHER_INFO |
| 2010-05-25 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2010-106.nasl - Type: ACT_GATHER_INFO |
| 2010-05-18 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2047.nasl - Type: ACT_GATHER_INFO |
| 2010-02-25 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201001-06.nasl - Type: ACT_GATHER_INFO |
