PT-2016-6949 · Vbulletin Solutions · Vbulletin
Dawid Golunski · Published 2016-09-02 · Updated 2017-09-03 · CVE-2016-6483
CVSS v3.1: 8.6 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
vBulletin versions prior to 3.8.7 Patch Level 6
vBulletin versions prior to 3.8.8 Patch Level 2
vBulletin versions prior to 3.8.9 Patch Level 1
vBulletin versions prior to 4.2.2 Patch Level 6
vBulletin versions prior to 4.2.3 Patch Level 2
vBulletin versions prior to 5.2.0 Patch Level 3
vBulletin versions prior to 5.2.1 Patch Level 1
vBulletin versions prior to 5.2.2 Patch Level 1
Description
The media-file upload feature in vBulletin allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via a crafted URL that results in a redirection HTTP status code: the server fetches the supplied URL and follows the redirect it receives, so the request ends up at a destination of the attacker's choosing. Sending a single specially crafted URL is enough to trigger the issue.
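The redirect problem described above, as an added example that is not vBulletin's code and not the vendor's patch: a URL fetcher that validates only the submitted URL (naive_fetch) beside one that re-validates the destination on every redirect hop (safe_fetch). The HTTP transport, the DNS answers, the hostnames and the IP addresses are constructed in-memory stand-ins so the script runs offline; the check itself (allowed schemes plus ipaddress.is_global on the resolved address) is one common mitigation pattern, assumed here rather than taken from the page.

```python
"""Redirect-aware URL fetch guard (added example, not vBulletin code).

Shows why validating only the user-supplied URL is not enough: a server that
follows 3xx redirects must repeat the validation on every hop, otherwise a
public-looking URL can redirect the server into its own internal network.
"""
import ipaddress
from urllib.parse import urlparse, urljoin

MAX_REDIRECTS = 5
ALLOWED_SCHEMES = {"http", "https"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# Constructed stand-in for a real HTTP transport: url -> (status, headers, body).
FAKE_RESPONSES = {
    "http://images.example.org/cat.png": (302, {"Location": "http://intranet.example.org/admin"}, b""),
    "http://intranet.example.org/admin": (200, {}, b"internal admin page"),
    "http://images.example.org/real.png": (301, {"Location": "https://cdn.example.org/real.png"}, b""),
    "https://cdn.example.org/real.png": (200, {}, b"\x89PNG fake image bytes"),
}

# Constructed stand-in for DNS: hostname -> IP address (values are arbitrary).
FAKE_DNS = {
    "images.example.org": "23.45.67.89",     # public address
    "cdn.example.org": "104.16.1.2",         # public address
    "intranet.example.org": "10.0.0.5",      # RFC 1918 private address
}


class FetchBlocked(Exception):
    """Raised when a URL (original or redirect target) fails validation."""


def http_get(url):
    """One request without redirect following (constructed transport)."""
    return FAKE_RESPONSES.get(url, (404, {}, b""))


def validate_url(url, resolver=FAKE_DNS.get):
    """Reject non-HTTP schemes and hosts that resolve to non-public addresses.

    ipaddress.is_global is False for private, loopback, link-local, reserved
    and documentation ranges, which covers the usual internal targets.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise FetchBlocked(f"scheme not allowed: {parsed.scheme!r}")
    if not parsed.hostname:
        raise FetchBlocked("missing hostname")
    resolved = resolver(parsed.hostname)
    if resolved is None:
        raise FetchBlocked(f"cannot resolve {parsed.hostname!r}")
    addr = ipaddress.ip_address(resolved)
    if not addr.is_global:
        raise FetchBlocked(f"{parsed.hostname!r} resolves to non-public {addr}")
    return addr


def _follow(url, check_each_hop):
    """Shared redirect loop; the only difference is where validation happens."""
    if not check_each_hop:
        validate_url(url)                     # checked once, before any redirect
    for _ in range(MAX_REDIRECTS + 1):
        if check_each_hop:
            validate_url(url)                 # checked again on every hop
        status, headers, body = http_get(url)
        if status in REDIRECT_STATUSES and "Location" in headers:
            url = urljoin(url, headers["Location"])   # handles relative Locations
            continue
        return url, status, body
    raise FetchBlocked("too many redirects")


def naive_fetch(url):
    """Vulnerable pattern: validates the submitted URL, then follows redirects blindly."""
    return _follow(url, check_each_hop=False)


def safe_fetch(url):
    """Hardened pattern: every redirect target is validated before it is requested."""
    return _follow(url, check_each_hop=True)


def fetch_is_blocked(url):
    """True if safe_fetch refuses the URL or any hop of its redirect chain."""
    try:
        safe_fetch(url)
    except FetchBlocked:
        return True
    return False


if __name__ == "__main__":
    print("naive:", naive_fetch("http://images.example.org/cat.png"))   # lands on the intranet host
    print("safe blocked:", fetch_is_blocked("http://images.example.org/cat.png"))
    print("safe:", safe_fetch("http://images.example.org/real.png"))   # legitimate redirect still works
```

In production the hop check should also connect to the address it just validated rather than letting the HTTP client resolve the hostname a second time, otherwise a DNS answer that changes between the check and the connection (rebinding) bypasses the guard.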
Recommendations
For versions prior to 3.8.7 Patch Level 6, update to 3.8.7 Patch Level 6 or later.
For versions prior to 3.8.8 Patch Level 2, update to 3.8.8 Patch Level 2 or later.
For versions prior to 3.8.9 Patch Level 1, update to 3.8.9 Patch Level 1 or later.
For versions prior to 4.2.2 Patch Level 6, update to 4.2.2 Patch Level 6 or later.
For versions prior to 4.2.3 Patch Level 2, update to 4.2.3 Patch Level 2 or later.
For versions prior to 5.2.0 Patch Level 3, update to 5.2.0 Patch Level 3 or later.
For versions prior to 5.2.1 Patch Level 1, update to 5.2.1 Patch Level 1 or later.
For versions prior to 5.2.2 Patch Level 1, update to 5.2.2 Patch Level 1 or later.
Exploit
Fix
SSRF
Weakness Enumeration
Related identifiers
Affected products
Vbulletin