VWE-2016-3112 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2016-3112
This page is a chapter in Info Known Vulnerabilities

This page has been seen 248,364 times.

- Created by
  pegasus
  on December 21, 2016
  
  Last updated by
  pegasus
  on February 16, 2017

Common Name Opt-Block Vulnerability
VWE-ID VWE-2016-3112
Related Report None
Severity HIGH
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description CAN-SPAM Non-Compliance.

Discovered December 20, 2016
Resolved December 21, 2016
Patches Available 4.0.15 Patch Level 3
4.0.14 Patch Level 6
4.0.13 Patch Level 6
4.0.12 Patch Level 7
4.0.11 Patch Level 7
4.0.10 Patch Level 8
4.0.9 Patch Level 8
4.0.8 Patch Level 10
Workaround For unsent notifications, set Settings > VaultWiki: Notifications > Enable Wiki Subscriptions = No. For notifications that were already sent, the only solution is applying a patch.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	Opt-Block Vulnerability
VWE-ID	VWE-2016-3112
Related Report	None
Severity	HIGH
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	CAN-SPAM Non-Compliance.
Discovered	December 20, 2016
Resolved	December 21, 2016
Patches Available	4.0.15 Patch Level 3 4.0.14 Patch Level 6 4.0.13 Patch Level 6 4.0.12 Patch Level 7 4.0.11 Patch Level 7 4.0.10 Patch Level 8 4.0.9 Patch Level 8 4.0.8 Patch Level 10
Workaround	For unsent notifications, set Settings > VaultWiki: Notifications > Enable Wiki Subscriptions = No. For notifications that were already sent, the only solution is applying a patch.