VWE-2016-2064
Return to current revision
Current Revision
March 4, 2024, 11:31 AM
Differences in Content
-
[template]Vulnerability
| cve=
| aka=Greedy Widget Vulnerability
| severity=Extreme
| difficulty=Easy
| description=Denial of service amplification. -
+| platform=XF1
-
| lite=no
| discover-date=February 1, 2016
| patch-date=February 9, 2016
| patches=4.0.8 Patch Level 2
4.0.7 Patch Level 3
4.0.6 Patch Level 6
4.0.5 Patch Level 6
4.0.4 Patch Level 6
4.0.3 Patch Level 6
4.0.2 Patch Level 9
| workaround=In your forum software's BB-Code Manager, disable parsing of the BB-Code with unique identifier "vw_widget_tag," "vw_forumindex_tag," "vw_bookindex_tag," and "vw_showthreads_tag."
[/template] -
+[h=3]Notes[/h]
Further investigation of the related [wiki]VWE-2022-6469[/wiki] in 2024 revealed that this issue only affected XenForo 1.x platforms, though at the time it was implied to affect all platforms.