Input validation error in Vanilla - CVE-2011-0910

 


Published: February 8, 2011 / Updated: August 11, 2020


Vulnerability identifier: #VU45364
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-0910
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Lussumo
Affected software:
Vanilla

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.
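The defect class described above, shown as an added example that is not Vanilla's code: an early-exit signature comparison does an amount of work that depends on how many leading bytes match, while PHP's `hash_equals()` (PHP 5.6+) does not. The cookie layout (`payload|hex-HMAC`), the key and all function names are hypothetical.

```php
<?php
// Added illustration; cookie layout, key and names are assumptions, not Vanilla's code.
const COOKIE_KEY = 'constructed-demo-key'; // constructed sample secret

// Build "payload|hex(HMAC-SHA256(payload))".
function sign_cookie(string $payload): string
{
    return $payload . '|' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

// Early-exit comparison: the work done depends on the length of the matching prefix.
// Returns [equal?, bytes examined] so the leak is visible without a stopwatch.
function leaky_equals(string $expected, string $given): array
{
    if (strlen($expected) !== strlen($given)) {
        return [false, 0];
    }
    for ($i = 0; $i < strlen($expected); $i++) {
        if ($expected[$i] !== $given[$i]) {
            return [false, $i + 1];
        }
    }
    return [true, strlen($expected)];
}

// Hardened verification: hash_equals() runs in the same time wherever the inputs differ.
function verify_cookie(string $cookie): ?string
{
    $pos = strrpos($cookie, '|');
    if ($pos === false) {
        return null;
    }
    $payload = substr($cookie, 0, $pos);
    $sig = substr($cookie, $pos + 1);
    $expected = hash_hmac('sha256', $payload, COOKIE_KEY);
    return hash_equals($expected, $sig) ? $payload : null;
}

$good = sign_cookie('user=42'); // constructed sample cookie
$expected = substr($good, strrpos($good, '|') + 1);
$wrongFirst = ($expected[0] === '0' ? '1' : '0') . substr($expected, 1);
$wrongLast = substr($expected, 0, -1) . (substr($expected, -1) === '0' ? '1' : '0');

printf("first byte wrong: %d bytes examined\n", leaky_equals($expected, $wrongFirst)[1]);
printf("last byte wrong:  %d bytes examined\n", leaky_equals($expected, $wrongLast)[1]);
var_dump(verify_cookie($good));                  // valid signature
var_dump(verify_cookie('user=1|' . $expected));  // tampered payload, original signature
```

When reviewing code for this weakness, look for signature or token checks done with `==`, `===`, `strcmp()` or a hand-written loop, and replace them with `hash_equals()`.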


How to mitigate CVE-2011-0910

Install the update from the vendor's website.
