Published: 22 May 2009
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
8.04 LTS does not provide a web interface 9.04 switched http implementations from shttpd to evhttpd. As a result, the upstream patch is not valid on 8.10 and a new patch needs to be written from scratch. The web interface in 8.10 is considered beta and is disabled by default. The web interface must be enabled and the user must be tricked into navigating his/her browser to a malicious site while transmission is running.