Published: 16/06/2008 Updated: 15/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The Web UI interface in (1) BitTorrent prior to 6.0.3 build 8642 and (2) uTorrent prior to 1.8beta build 10524 allows remote malicious users to cause a denial of service (application crash) via an HTTP request with a malformed Range header.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bittorrent bittorrent 3.9.1
bittorrent bittorrent 4.0.0
bittorrent bittorrent 4.1.2
bittorrent bittorrent 4.1.3
bittorrent bittorrent 4.2.1
bittorrent bittorrent 4.2.2
bittorrent bittorrent 4.20.9
bittorrent bittorrent 4.22.0
bittorrent bittorrent 4.27.2
bittorrent bittorrent 4.3.0
bittorrent bittorrent 4.4.0
bittorrent bittorrent 4.4.1
bittorrent bittorrent 4.9.2
bittorrent bittorrent 4.9.9
bittorrent bittorrent 5.0.0
bittorrent bittorrent 5.0.7
bittorrent bittorrent 5.0.8
utorrent utorrent 1.1.5
utorrent utorrent 1.1.6
utorrent utorrent 1.4.2
utorrent utorrent 1.5
utorrent utorrent 1.7.5
utorrent utorrent 1.7.6
bittorrent bittorrent 4.0.1
bittorrent bittorrent 4.0.2
bittorrent bittorrent 4.1.4
bittorrent bittorrent 4.1.5
bittorrent bittorrent 4.20.0
bittorrent bittorrent 4.20.1
bittorrent bittorrent 4.20.2
bittorrent bittorrent 4.22.1
bittorrent bittorrent 4.22.4
bittorrent bittorrent 4.3.1
bittorrent bittorrent 4.3.2
bittorrent bittorrent 4.9.3
bittorrent bittorrent 4.9.4
bittorrent bittorrent 5.0.1
bittorrent bittorrent 5.0.2
bittorrent bittorrent 5.0.9
bittorrent bittorrent 5.2.0
utorrent utorrent 1.1.7
utorrent utorrent 1.2
utorrent utorrent 1.6
utorrent utorrent 1.7
bittorrent bittorrent
utorrent utorrent
bittorrent bittorrent 4.1.0
bittorrent bittorrent 4.1.1
bittorrent bittorrent 4.1.8
bittorrent bittorrent 4.2.0
bittorrent bittorrent 4.20.7
bittorrent bittorrent 4.20.8
bittorrent bittorrent 4.26.0
bittorrent bittorrent 4.27.1
bittorrent bittorrent 4.3.5
bittorrent bittorrent 4.3.6
bittorrent bittorrent 4.9.7
bittorrent bittorrent 4.9.8
bittorrent bittorrent 5.0.5
bittorrent bittorrent 5.0.6
utorrent utorrent 1.1.1
utorrent utorrent 1.1.3
utorrent utorrent 1.1.4
utorrent utorrent 1.3
utorrent utorrent 1.4
utorrent utorrent 1.7.3
utorrent utorrent 1.7.4
bittorrent bittorrent 4.0.3
bittorrent bittorrent 4.0.4
bittorrent bittorrent 4.1.6
bittorrent bittorrent 4.1.7
bittorrent bittorrent 4.20.4
bittorrent bittorrent 4.20.6
bittorrent bittorrent 4.24.0
bittorrent bittorrent 4.24.2
bittorrent bittorrent 4.3.3
bittorrent bittorrent 4.3.4
bittorrent bittorrent 4.9.5
bittorrent bittorrent 4.9.6
bittorrent bittorrent 5.0.3
bittorrent bittorrent 5.0.4
bittorrent bittorrent 6.0
bittorrent bittorrent 6.0.1
utorrent utorrent 1.2.1
utorrent utorrent 1.2.2
utorrent utorrent 1.7.1
utorrent utorrent 1.7.2

#!/usr/bin/perl # uTorrent / BitTorrent WebIU HTTP 177/601 Range header Denial of Service exploit # according to the following advisory: secuniacom/advisories/30605 # # usage: WebUI-dospl <url> <port> <user:pass> # Exploit written by Exodus # wwwblackhatorgil use IO::Socket; use MIME::Base64; if(@ARGV &l ...

CWE-20 http://secunia.com/secunia_research/2008-7/advisory/http://www.securityfocus.com/bid/29661 http://securitytracker.com/id?1020266 http://secunia.com/advisories/28703 http://secunia.com/advisories/30605 http://www.securitytracker.com/id?1020265 http://securityreason.com/securityalert/3943 http://www.vupen.com/english/advisories/2008/1808 http://www.vupen.com/english/advisories/2008/1809 https://www.exploit-db.com/exploits/5918 http://www.securityfocus.com/archive/1/493269/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/5918/

CVE-2008-0071

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect