    VWE-2018-4670

    This page is a chapter in Info Known Vulnerabilities

    Common Name: None
    VWE-ID: VWE-2018-4670
    Related Report: None
    Severity: HIGH
    Exploit Difficulty: EASY
    Platform: XenForo
    Description: Denial of Service amplification. Because template usage is not limited, a specially crafted wiki page and wiki templates may make it possible to execute many thousands of queries on the wiki page, which may cause MySQL or PHP to become unresponsive under load.
    Discovered: September 26, 2018
    Resolved: October 8, 2018
    Patches Available:
      • 4.0.24 Patch Level 1
      • 4.0.23 Patch Level 3
      • 4.0.22 Patch Level 5
      • 4.0.21 Patch Level 6
      • 4.0.20 Patch Level 9
    Workaround: It is not possible to work around this issue.

    The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

    Notes

    The fix places hard limits on the number of templates, including templates within other templates, that each page is allowed to render. Although amplification is only possible on XenForo platforms, the patch also makes changes to vBulletin-related code.
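
One way to enforce a per-page limit of the kind described above, as an added example that is not VaultWiki's code: the `{{Name}}` inclusion syntax, the class and function names, and the limit values are assumptions, and the lookup counter stands in for database queries.

```python
import re

# Assumed inclusion syntax for this sketch: {{Name}}
INCLUDE = re.compile(r"\{\{([A-Za-z0-9_ ]+)\}\}")

class TemplateLimitExceeded(Exception):
    pass

class PageRenderer:
    """Expands inclusions under hard per-page limits (hypothetical names)."""

    def __init__(self, templates, max_templates=50, max_depth=8):
        self.templates = templates          # name -> body; stands in for the DB
        self.max_templates = max_templates  # total loads per page, nested included
        self.max_depth = max_depth          # templates within templates
        self.lookups = 0                    # one simulated query per load

    def render(self, text):
        self.lookups = 0                    # the budget applies per page render
        return self._expand(text, 0)

    def _expand(self, text, depth):
        def substitute(match):
            if depth >= self.max_depth:
                raise TemplateLimitExceeded("nesting depth limit reached")
            if self.lookups >= self.max_templates:
                raise TemplateLimitExceeded("template count limit reached")
            self.lookups += 1               # checked before the load, not after
            body = self.templates.get(match.group(1).strip(), "")
            return self._expand(body, depth + 1)
        return INCLUDE.sub(substitute, text)

def render_or_notice(renderer, text):
    """Fail closed: a fixed notice instead of a partially expanded page."""
    try:
        return renderer.render(text)
    except TemplateLimitExceeded as exc:
        return f"[page not rendered: {exc}]"

# Constructed fixture: six levels, each including the next level three times.
SAMPLE = {f"T{i}": ("{{T%d}}" % (i + 1)) * 3 for i in range(5)}
SAMPLE["T5"] = "x"

if __name__ == "__main__":
    unlimited = PageRenderer(SAMPLE, max_templates=10**6, max_depth=100)
    unlimited.render("{{T0}}")
    print("loads without a limit:", unlimited.lookups)
    print(render_or_notice(PageRenderer(SAMPLE), "{{T0}}"))
```

Counting every load against one shared budget, rather than per template, is what bounds the work when a small page fans out through nested templates.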

    Created by pegasus on October 8, 2018

    Sub-Categories of VWE-2018-4670

    1. X

      1. XSS 4.0.0

      2. XSS 4.0.0 Beta 1

      3. XSS 4.0.0 Beta 2

      4. XSS 4.0.0 Beta 3

      5. XSS 4.0.0 Beta 4

      6. XSS 4.0.0 Beta 5

      7. XSS 4.0.0 Beta 6

      8. XSS 4.0.0 Beta 7

      9. XSS 4.0.0 Gamma 1

      10. XSS 4.0.0 Gamma 2

      11. XSS 4.0.0 Gamma 3

      12. XSS 4.0.0 Gamma 4

      13. XSS 4.0.0 Gamma 5

      14. XSS 4.0.0 Gamma 6

      15. XSS 4.0.0 Gamma 7

      16. XSS 4.0.0 Patch Level 1

      17. XSS 4.0.0 Patch Level 2

      18. XSS 4.0.0 Patch Level 3

      19. XSS 4.0.0 Patch Level 4

      20. XSS 4.0.0 Patch Level 5

      21. XSS 4.0.0 Patch Level 6

      22. XSS 4.0.0 Patch Level 7

      23. XSS 4.0.0 Patch Level 8

      24. XSS 4.0.0 Patch Level 9

      25. XSS 4.0.0 RC 1

      26. XSS 4.0.0 RC 1 Patch Level 1

      27. XSS 4.0.0 RC 1 Patch Level 2

      28. XSS 4.0.0 RC 1 Patch Level 3

      29. XSS 4.0.0 RC 1 Patch Level 4

      30. XSS 4.0.0 RC 1 Patch Level 5

      31. XSS 4.0.0 RC 1 Patch Level 6

      32. XSS 4.0.0 RC 1 Patch Level 7

      33. XSS 4.0.0 RC 2

      34. XSS 4.0.0 RC 2 Patch Level 1

    2. X (cont.)

      1. XSS 4.0.0 RC 2 Patch Level 2

      2. XSS 4.0.0 RC 2 Patch Level 3

      3. XSS 4.0.0 RC 2 Patch Level 4

      4. XSS 4.0.0 RC 2 Patch Level 5

      5. XSS 4.0.0 RC 2 Patch Level 6

      6. XSS 4.0.0 RC 2 Patch Level 7

      7. XSS 4.0.0 RC 3

      8. XSS 4.0.0 RC 3 Patch Level 1

      9. XSS 4.0.0 RC 3 Patch Level 2

      10. XSS 4.0.0 RC 3 Patch Level 3

      11. XSS 4.0.0 RC 3 Patch Level 4

      12. XSS 4.0.0 RC 3 Patch Level 5

      13. XSS 4.0.0 RC 3 Patch Level 6

      14. XSS 4.0.0 RC 3 Patch Level 7

      15. XSS 4.0.0 RC 4

      16. XSS 4.0.0 RC 4 Patch Level 1

      17. XSS 4.0.0 RC 4 Patch Level 2

      18. XSS 4.0.0 RC 4 Patch Level 3

      19. XSS 4.0.0 RC 4 Patch Level 4

      20. XSS 4.0.0 RC 4 Patch Level 5

      21. XSS 4.0.0 RC 4 Patch Level 6

      22. XSS 4.0.0 RC 4 Patch Level 7

      23. XSS 4.0.0 RC 4 Patch Level 8

      24. XSS 4.0.0 RC 5

      25. XSS 4.0.0 RC 5 Patch Level 1

      26. XSS 4.0.0 RC 5 Patch Level 2

      27. XSS 4.0.0 RC 5 Patch Level 3

      28. XSS 4.0.0 RC 5 Patch Level 4

      29. XSS 4.0.0 RC 5 Patch Level 5

      30. XSS 4.0.0 RC 5 Patch Level 6

      31. XSS 4.0.0 RC 5 Patch Level 7

      32. XSS 4.0.0 RC 5 Patch Level 8

      33. XSS 4.0.1

      34. XSS 4.0.1 Patch Level 1

    3. X (cont.)

      1. XSS 4.0.1 Patch Level 10

      2. XSS 4.0.1 Patch Level 11

      3. XSS 4.0.1 Patch Level 2

      4. XSS 4.0.1 Patch Level 3

      5. XSS 4.0.1 Patch Level 4

      6. XSS 4.0.1 Patch Level 5

      7. XSS 4.0.1 Patch Level 6

      8. XSS 4.0.1 Patch Level 7

      9. XSS 4.0.1 Patch Level 8

      10. XSS 4.0.1 Patch Level 9

      11. XSS 4.0.10

      12. XSS 4.0.10 Patch Level 1

      13. XSS 4.0.10 Patch Level 10

      14. XSS 4.0.10 Patch Level 11

      15. XSS 4.0.10 Patch Level 2

      16. XSS 4.0.10 Patch Level 3

      17. XSS 4.0.10 Patch Level 4

      18. XSS 4.0.10 Patch Level 5

      19. XSS 4.0.10 Patch Level 6

      20. XSS 4.0.10 Patch Level 7

      21. XSS 4.0.10 Patch Level 8

      22. XSS 4.0.10 Patch Level 9

      23. XSS 4.0.11

      24. XSS 4.0.11 Patch Level 1

      25. XSS 4.0.11 Patch Level 10

      26. XSS 4.0.11 Patch Level 2

      27. XSS 4.0.11 Patch Level 3

      28. XSS 4.0.11 Patch Level 4

      29. XSS 4.0.11 Patch Level 5

      30. XSS 4.0.11 Patch Level 6

      31. XSS 4.0.11 Patch Level 7

      32. XSS 4.0.11 Patch Level 8
