VWE-2021-6252 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2021-6252
This page is a chapter in Info Known Vulnerabilities

This page has been seen 176,667 times.

- Created by
  pegasus
  on October 25, 2021

Common Name None
VWE-ID VWE-2021-6252
Related Report None
Severity Extreme
Exploit Difficulty NORMAL
Platform Affects all platforms supported by the vulnerable versions.
Description Denial of Service amplification. A distributed attack can consume available MySQL connections by submitting extremely high amounts of choices to a bulk chooser's submission script, because the number of choices is not limited prior to querying MySQL. This occurs due to a lack of completeness in the patches for VWE-2016-2034.

Discovered October 16, 2021
Resolved October 25, 2021
Patches Available 4.1.2 Patch Level 3
4.1.1 Patch Level 8
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2021-6252
Related Report	None
Severity	Extreme
Exploit Difficulty	NORMAL
Platform	Affects all platforms supported by the vulnerable versions.
Description	Denial of Service amplification. A distributed attack can consume available MySQL connections by submitting extremely high amounts of choices to a bulk chooser's submission script, because the number of choices is not limited prior to querying MySQL. This occurs due to a lack of completeness in the patches for VWE-2016-2034.
Discovered	October 16, 2021
Resolved	October 25, 2021
Patches Available	4.1.2 Patch Level 3 4.1.1 Patch Level 8