CVE-2006-4272
First published: Mon Aug 21 2006(Updated: )
** DISPUTED ** Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level."
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jelsoft vBulletin | =3.5.4 | |
| =3.5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- agent/references
- agent/severity
- agent/weakness
- agent/status
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/jelsoft
- canonical/jelsoft vbulletin
- version/jelsoft vbulletin/3.5.4
- status/disputed