This is an old revision of this page, as edited August 27, 2018, 1:19 PM by pegasus(contribs). It may differ significantly from the current revision.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2018-4625 Related Report None Severity HIGH Exploit Difficulty NORMAL Platform XenForo Description Denial of Service Amplification. A distributed attack that posts comments to a single wiki discussion may be able to achieve denial of service due to a flaw in the quick reply handler.
Discovered July 27, 2018 Resolved August 27, 2018 Patches Available 4.0.23 Patch Level 2
4.0.22 Patch Level 4
4.0.21 Patch Level 5
4.0.20 Patch Level 8
4.0.19 Patch Level 11Workaround In the Wiki admin panel, go to Permissions > Usergroups, and make sure that any usergroups that could potentially include large numbers of users do not have permission to post new comments.