MyBB < 1.6.14 DoS

Medium Nessus Network Monitor Plugin ID 8630

Synopsis

The remote web server is running a PHP application that is affected by a denial of service vulnerability.

Description

The remote web server hosts MyBulletinBoard, a web-based discussion board application. Versions of MyBB 1.6.x before 1.6.14 are potentially affected by a denial of service vulnerability when handling malformed emails. An attacker can exploit this issue to crash the application or deny service to legitimate users. This issue specifically affects the 'sendthread.php' script, which is used to share forum threads between friends via email.

Solution

Upgrade to MyBB 1.6.14 or later.

See Also

http://seclists.org/bugtraq/2014/May/155

Plugin Details

Severity: Medium

ID: 8630

Family: CGI

Published: 2015/01/22

Modified: 2018/09/16

Dependencies: 9125

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mybb:mybb

Patch Publication Date: 2014/05/29

Vulnerability Publication Date: 2014/05/29

Reference Information

BID: 67719