Lucene search
RootSSV:3421HistoryJun 14, 2008 - 12:00 a.m.
uTorrent和BitTorrent HTTP Range头远程拒绝服务漏洞
2008-06-1400:00:00
Root
www.seebug.org
14
0.039 Low
EPSS
Percentile
91.0%
BUGTRAQ ID: 29661
CVE(CAN) ID: CVE-2008-0071
BitTorrent和uTorrent都是流行的bittorrent协议客户端,使用了相同的代码库。
BitTorrent和uTorrent没有正确地处理HTTP请求,如果远程攻击者发送了带有畸形Range头字符串的HTTP请求的话,就可能导致客户端崩溃。成功利用这个漏洞要求启用了Web UI界面,而这不是默认配置。
BitTorrent BitTorrent 6.0.1
BitTorrent uTorrent 1.7.7
BitTorrent
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://www.bittorrent.com/download/” target=“_blank”>http://www.bittorrent.com/download/</a>
Related
prion
prion
Design/Logic Flaw
2008-06-16 18:41:00
Buffer overflow
2009-09-04 10:30:00
cvelist
cvelist
CVE-2008-0071
2008-06-16 18:26:00
CVE-2008-7166
2022-10-03 16:13:52
securityvulns
securityvulns
[Full-disclosure] Secunia Research: uTorrent / BitTorrent Web UI HTTP "Range" Header DoS
2008-06-11 00:00:00
uTorrent / BitTorrent DoS
2008-06-11 00:00:00
cve
cve
CVE-2008-0071
2008-06-16 18:41:00
CVE-2008-7166
2009-09-04 10:30:00