| VID |
12070 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The BadBlue server is vulnerable to a denial of service attack by an invalid GET request. BadBlue is a P2P file sharing Web server distributed by Working Resources for Microsoft Windows operating systems. BadBlue Personal Edition version 1.7.3 is vulnerable to a denial of service attack. By sending a specially crafted GET request (specifically, one with no filename component), it is possible to cause the server to stop handling further requests. The server must be restarted to resume normal operation.
* References:
http://www.securityfocus.com/archive/1/282054
http://archives.neohapsis.com/archives/bugtraq/2002-07/0082.html
* Platforms Affected:
Working Resources Inc., BadBlue Personal Edition 1.7.3
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of BadBlue (2.61 or later), available from the BadBlue Download Web site at http://www.badblue.com/down.htm |
| Related URL |
CVE-2002-1023 (CVE) |
| Related URL |
5187 (SecurityFocus) |
| Related URL |
9528 (ISS) |
|
