SB2016081009 - Server-Side request forgery in vBulletin
Published: August 10, 2016 Updated: October 15, 2016
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Server-Side Request Forgery (CVE-ID: CVE-2016-6483)
The vulnerability allows a remote attacker to perform server-side forgery attacks and compromise vulnerable system.
The vulnerability exists due to incorrect link handling in file upload functionality. A remote attacker can use a malicious server that returns a 301 HTTP redirect response to local resource to connect to services within internal network or on localhost.
Successful exploitation of this vulnerability may allow an attacker to perform SSRF attack to retrieve information for further attacks against vulnerable system by performing unauthorized connections to local resources, gain access to sensitive information and compromise vulnerable system.
Note: this vulnerability is being actively exploited in the wild.
Remediation
Install update from vendor's website.
References
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-secu...
- http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-secu...
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-secu...