MyBB < 1.6.14 DoS

Medium severity, Nessus Network Monitor Plugin ID 8630

Synopsis

The remote web server is running a PHP application that is affected by a denial of service vulnerability.

Description

The remote web server hosts MyBulletinBoard, a web-based discussion board application. Versions of MyBB 1.6.x before 1.6.14 are potentially affected by a denial of service vulnerability when handling malformed emails. An attacker can exploit this issue to crash the application or deny service to legitimate users. This issue specifically affects the 'sendthread.php' script, which is used to share forum threads between friends via email.

Solution

Upgrade to MyBB 1.6.14 or later.

See Also

http://seclists.org/bugtraq/2014/May/155

Plugin Details

Severity: Medium

ID: 8630

Family: CGI

Published: 1/22/2015

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mybb:mybb

Patch Publication Date: 5/29/2014

Vulnerability Publication Date: 5/29/2014

Reference Information

BID: 67719