SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   vBulletin Vendors:   Jelsoft Enterprises
vBulletin Input Validation Flaw in Media Upload Function Lets Remote Users Conduct Server-Side Request Forgery Attacks
SecurityTracker Alert ID:  1036553
SecurityTracker URL:  http://securitytracker.com/id/1036553
CVE Reference:   CVE-2016-6483   (Links to External Site)
Date:  Aug 8 2016
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.2.0, 5.2.1, 5.2.2
Description:   A vulnerability was reported in vBulletin. A remote user can conduct server-side request forgery attacks.

A remote user can return a specially crafted HTTP 301 response when requesting upload of a media file from a remote URL to cause the target system to connect to arbitrary ports on arbitrary hosts.

The original advisory is available at:

http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt

Dawid Golunski of legalhackers.com reported this vulnerability.

Impact:   A remote user can cause the target system to connect to arbitrary ports on arbitrary hosts.
Solution:   The vendor has issued a fix (5.2.0 Patch Level 3, 5.2.1 Patch Level 1, 5.2.2 Patch Level 1).

The vendor's advisory is available at:

http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2

Vendor URL:  www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2 (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF)

vBulletin
CVE-2016-6483

vBulletin software is affected by a SSRF vulnerability that allows
unauthenticated remote attackers to access internal services (such as mail
servers, memcached, couchDB, zabbix etc.) running on the server
hosting vBulletin as well as services on other servers on the local
network that are accessible from the target.

The following versions are affected:

vBulletin  <= 5.2.2
vBulletin  <= 4.2.3
vBulletin  <= 3.8.9

Technical details,PoC vBulletin exploits and links to patches provided
by the vendor can be found at:

http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt


-- 
Regards,
Dawid Golunski
http://legalhackers.com
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC