VWE-2022-6426 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2022-6426
This page is a chapter in Info Known Vulnerabilities

This page has been seen 187,127 times.

- Created by
  pegasus
  on March 4, 2024

Common Name None
VWE-ID VWE-2022-6426
Related Report None
Severity HIGH
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description Denial of Service. On some hosts and server configurations, VaultWiki's deferred tasks trigger a false-positive in denial-of-service protective measures, which causes some visitors to inappropriately receive temporary bans or for the hosting account to be temporarily suspended, because the web-based deferred tasks may be processed in rapid succession.

Discovered April 21, 2022
Resolved May 3, 2022
Patches Available 4.1.4 Patch Level 2
4.1.3 Patch Level 4
4.1.2 Patch Level 7
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Notes
The issue affects all platforms, but the effects are more pronounced on XenForo-based systems.

Common Name	None
VWE-ID	VWE-2022-6426
Related Report	None
Severity	HIGH
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	Denial of Service. On some hosts and server configurations, VaultWiki's deferred tasks trigger a false-positive in denial-of-service protective measures, which causes some visitors to inappropriately receive temporary bans or for the hosting account to be temporarily suspended, because the web-based deferred tasks may be processed in rapid succession.
Discovered	April 21, 2022
Resolved	May 3, 2022
Patches Available	4.1.4 Patch Level 2 4.1.3 Patch Level 4 4.1.2 Patch Level 7