VWE-2017-3415 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2017-3415
This page is a chapter in Info Known Vulnerabilities

This page has been seen 188,681 times.

- Created by
  pegasus
  on February 17, 2017

Common Name None
VWE-ID VWE-2017-3415
Related Report None
Severity HIGH
Exploit Difficulty NORMAL
Platform Affects all platforms supported by the vulnerable versions.
Description CAN-SPAM Non-compliance for subscriptions of threads moved into the wiki.

Discovered January 26, 2017
Resolved February 17, 2017
Patches Available 4.0.16 Patch Level 1
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

More Details
The unsubscribe URL of subscription emails sent within the past 30 days are no longer valid after the thread is moved. A user wishing to unsubscribe will be unsubscribed from the thread or receive a message that the thread no longer exists. However, the user will continue to receive emails from the new wiki page. This patch changes the behavior so that a thread that is moved into the wiki does not also have its subscriptions moved; any subscribers who wish to keep their subscriptions will need to re-subscribe. For any threads moved prior to the patch, please submit a private support ticket.

Common Name	None
VWE-ID	VWE-2017-3415
Related Report	None
Severity	HIGH
Exploit Difficulty	NORMAL
Platform	Affects all platforms supported by the vulnerable versions.
Description	CAN-SPAM Non-compliance for subscriptions of threads moved into the wiki.
Discovered	January 26, 2017
Resolved	February 17, 2017
Patches Available	4.0.16 Patch Level 1