VWE-2017-4266 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2017-4266
This page is a chapter in Info Known Vulnerabilities

This page has been seen 575,682 times.

- Created by
  pegasus
  on December 2, 2017

Common Name None
VWE-ID VWE-2017-4266
Related Report None
Severity Extreme
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description Denial of Service. A malicious user can balloon the size of the CSS cache at will.

Discovered November 5, 2017
Resolved December 1, 2017
Patches Available 4.0.20 Patch Level 1
4.0.19 Patch Level 4
4.0.18 Patch Level 5
4.0.17 Patch Level 7
4.0.16 Patch Level 8
4.0.15 Patch Level 12
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Notes
We discovered a similar issue in XenForo 1.x and 2.x at the same time. We reported the issue to XenForo developers, and it is fixed in XenForo 1.5.16 and 2.0.0, respectively.

Common Name	None
VWE-ID	VWE-2017-4266
Related Report	None
Severity	Extreme
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	Denial of Service. A malicious user can balloon the size of the CSS cache at will.
Discovered	November 5, 2017
Resolved	December 1, 2017
Patches Available	4.0.20 Patch Level 1 4.0.19 Patch Level 4 4.0.18 Patch Level 5 4.0.17 Patch Level 7 4.0.16 Patch Level 8 4.0.15 Patch Level 12