CVE-2008-6587

Name of the Vulnerable Software and Affected Versions Vuze versions prior to 0.7.6

Description A cross-site request forgery issue allows remote attackers to hijack user authentication for requests, forcing the download of arbitrary torrent files via the upurl parameter.

Recommendations For versions prior to 0.7.6, as a temporary workaround, consider restricting access to the upurl parameter in the affected API endpoint until a patch is available.