Vulnerability CVE-2006-4272


Published: 2006-08-21   Modified: 2012-02-12

Description:
** DISPUTED ** Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations won't even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level."

See advisories in our WLB2 database:
Topic: [Med.] UPDATE vBulletin Version 3.5.4 exploit
Author: x-boy
Date: 23.08.2006

Type: CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software: Jelsoft -> Vbulletin

References:
http://archives.neohapsis.com/archives/bugtraq/2006-08/0381.html
http://securityreason.com/securityalert/1426
http://www.securityfocus.com/archive/1/443648/100/0/threaded
