Detections
Analytics

LimeWire < 4.8.0 Directory Traversal Arbitrary File Access

medium Nessus Network Monitor Plugin ID 2710

Synopsis

The remote client is vulnerable to an arbitrary file download flaw.

Description

The remote host is running LimeWire, a Gnutella client used for peer-to-peer file sharing. The host is running a version of Limewire that is vulnerable to a remote exploit via a parsing error. An attacker exploiting this flaw would pass the client a specially formatted request which, when processed, would give the attacker the ability to download any file on the Gnutella client.

Solution

Upgrade to version 4.8.0 or higher.

Plugin Details

Severity: Medium

ID: 2710

Published: 3/15/2005

Updated: 3/6/2019

Nessus ID: 17973

Risk Information

VPR

Risk Factor: Medium

Score: 4.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:limewire:limewire

Reference Information

CVE: CVE-2005-0788, CVE-2005-0789

BID: 12802