CVE-2016-6483: SSRF
First published: Fri Sep 02 2016(Updated: )
The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| vBulletin | =3.8.7 | |
| vBulletin | =3.8.8 | |
| vBulletin | =3.8.9 | |
| vBulletin | =4.2.2 | |
| vBulletin | =4.2.3 | |
| vBulletin | =5.2.0 | |
| vBulletin | =5.2.1 | |
| vBulletin | =5.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt
- http://www.securityfocus.com/bid/92350
- http://www.securitytracker.com/id/1036553
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2
- https://www.exploit-db.com/exploits/40225/
Frequently Asked Questions
What is the severity of CVE-2016-6483?
CVE-2016-6483 has a Medium severity rating due to its potential for remote code execution.
How do I fix CVE-2016-6483?
To fix CVE-2016-6483, upgrade your vBulletin installation to the latest patched version.
Which vBulletin versions are affected by CVE-2016-6483?
vBulletin versions prior to 3.8.7 Patch Level 6, 3.8.8 Patch Level 2, 3.8.9 Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 Patch Level 1, and 5.2.2 Patch Level 1 are affected.
Can CVE-2016-6483 be exploited remotely?
Yes, CVE-2016-6483 allows remote attackers to exploit the vulnerability.
What is the impact of CVE-2016-6483?
The impact of CVE-2016-6483 can lead to unintended access to internal services or data due to the SSRF vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vbulletin
- canonical/vbulletin
- version/vbulletin/3.8.7
- version/vbulletin/3.8.8
- version/vbulletin/3.8.9
- version/vbulletin/4.2.2
- version/vbulletin/4.2.3
- version/vbulletin/5.2.0
- version/vbulletin/5.2.1
- version/vbulletin/5.2.2