Secunia Logo
Netsikker nu! 2008
 
uTorrent Web UI Malformed HTTP "Range" Header Denial of Service
Secunia Advisory: SA28703
Release Date: 2008-06-11
Popularity: 3,659 views

Critical:
Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Workaround

Software:uTorrent 1.x

Binary Analysis: BA376 :: Available for 1 Credit

Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2008-0071


Description:
Secunia Research has discovered a vulnerability in uTorrent, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the handling of HTTP requests and can be exploited to cause the application to crash by sending an HTTP request with a malformed "Range" header string.

Successful exploitation requires that the Web UI interface is enabled (not default).

The vulnerability is confirmed in version 1.7.7 (build 8179) on Windows. Other versions may also be affected.

Solution:
The vulnerability is fixed in uTorrent 1.8 Beta (build 10524).

Provided and/or discovered by:
Dyon Balding, Secunia Research.

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2008-7/


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. CA ARCserve Backup Multiple Vulnerabilities // 25 views
2. Sun Java System Web Proxy Server FTP Subsystem Buffer Overflow // 22 views
3. CUPS Multiple Vulnerabilities // 21 views
4. Red Hat update for cups // 20 views
5. DFF PHP Framework API "DFF_config[dir_include]" File Inclusion Vulnerabilities // 19 views
6. Ubuntu update for ruby1.8 // 18 views
7. Apple Mac OS X Security Update Fixes Multiple Vulnerabilities // 18 views
8. FUJITSU Interstage Products Apache Tomcat Security Bypass // 18 views
9. ScriptsEz Easy Image Downloader "id" File Disclosure Vulnerability // 16 views
10. Fedora update for ruby // 15 views