CVE-2017-6504

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-6504

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6504.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-6504

Downstream

DEBIAN-CVE-2017-6504

DLA-897-1

UBUNTU-CVE-2017-6504

Published

2017-03-06T02:59:00Z

Modified

2025-10-15T09:03:57.196621Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking.

References

Affected packages

Git / github.com/qbittorrent/qbittorrent

Affected ranges

Type: GIT
Repo: https://github.com/qbittorrent/qbittorrent
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f5ad04766f4abaa78374ff03704316f8ce04627d

Affected versions

release-2.*

release-2.9.0

release-3.*

release-3.0.0

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/qbittorrent/qbittorrent/commit/f5ad04766f4abaa78374ff03704316f8ce04627d",
        "deprecated": false,
        "target": {
            "file": "src/base/http/types.h"
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2017-6504-1a2f7f09",
        "digest": {
            "line_hashes": [
                "63528601637150015425696404348314044473",
                "93672592725364108551219071659973863538",
                "283067958532443803662862953009386888766",
                "165626982830155749300251657218793077366"
            ],
            "threshold": 0.9
        }
    },
    {
        "source": "https://github.com/qbittorrent/qbittorrent/commit/f5ad04766f4abaa78374ff03704316f8ce04627d",
        "deprecated": false,
        "target": {
            "file": "src/webui/abstractwebapplication.cpp",
            "function": "AbstractWebApplication::processRequest"
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2017-6504-5e431c1c",
        "digest": {
            "function_hash": "194664120358939637373534022963674437370",
            "length": 468.0
        }
    },
    {
        "source": "https://github.com/qbittorrent/qbittorrent/commit/f5ad04766f4abaa78374ff03704316f8ce04627d",
        "deprecated": false,
        "target": {
            "file": "src/webui/abstractwebapplication.cpp"
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2017-6504-848cf254",
        "digest": {
            "line_hashes": [
                "193451322726643751373163104625267832267",
                "308342791731152669602398507322068816155",
                "140190190001818533141518472870453987174",
                "85601246813242774465113774726290531372"
            ],
            "threshold": 0.9
        }
    }
]