Main Vulnerability Database Vulnerabilities #VU300

#VU300 Server-Side Request Forgery in vBulletin - CVE-2016-6483

Published: August 10, 2016 / Updated: February 17, 2017

Vulnerability identifier: #VU300

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2016-6483

CWE-ID: CWE-918

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
vBulletin

Software vendor:
vBulletin

Description

The vulnerability allows a remote attacker to perform server-side forgery attacks and compromise vulnerable system.

The vulnerability exists due to incorrect link handling in file upload functionality. A remote attacker can use a malicious server that returns a 301 HTTP redirect response to local resource to connect to services within internal network or on localhost.

Successful exploitation of this vulnerability may allow an attacker to perform SSRF attack to retrieve information for further attacks against vulnerable system by performing unauthorized connections to local resources, gain access to sensitive information and compromise vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Remediation

To resolve this issue install security patch from vendor's website:

5.2.2 Patch Level 1
5.2.1 Patch Level 1
5.2.0 Patch Level 3

4.2.3 Patch Level 2
4.2.2 Patch Level 6

3.8.9 Patch Level 1
3.8.8 Patch Level 2
3.8.7 Patch Level 6

#VU300 Server-Side Request Forgery in vBulletin - CVE-2016-6483

Description

Remediation

External links

Please verify you're human