VWE-2017-4266 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2017-4266
This page is a chapter in Info Known Vulnerabilities

This page has been seen 365,801 times.

    • Created by on
Common NameNone
VWE-IDVWE-2017-4266
Related ReportNone
SeverityExtreme
Exploit DifficultyEASY
PlatformAffects all platforms supported by the vulnerable versions.
DescriptionDenial of Service. A malicious user can balloon the size of the CSS cache at will.
DiscoveredNovember 5, 2017
ResolvedDecember 1, 2017
Patches Available4.0.20 Patch Level 1
4.0.19 Patch Level 4
4.0.18 Patch Level 5
4.0.17 Patch Level 7
4.0.16 Patch Level 8
4.0.15 Patch Level 12
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Notes

We discovered a similar issue in XenForo 1.x and 2.x at the same time. We reported the issue to XenForo developers, and it is fixed in XenForo 1.5.16 and 2.0.0, respectively.