CVE-2010-4625:mybb: MyBB (aka MyBulletinBoard) before 1.4.12 does not p...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-4625

mybb: MyBB (aka MyBulletinBoard) before 1.4.12 does not p...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4625

Original

MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-12-30

Source Information Category:

Advisory, Alert

Last Updated:

2010-12-31

Affected Product Tags

cpe:/a:mybb:mybb:1.00

cpe:/a:mybb:mybb:1.01

cpe:/a:mybb:mybb:1.02

cpe:/a:mybb:mybb:1.03

cpe:/a:mybb:mybb:1.04

cpe:/a:mybb:mybb:1.1.0

cpe:/a:mybb:mybb:1.1.1

cpe:/a:mybb:mybb:1.1.2

cpe:/a:mybb:mybb:1.1.3

cpe:/a:mybb:mybb:1.1.4

cpe:/a:mybb:mybb:1.1.5

cpe:/a:mybb:mybb:1.1.6

cpe:/a:mybb:mybb:1.1.7

cpe:/a:mybb:mybb:1.1.8

cpe:/a:mybb:mybb:1.2

cpe:/a:mybb:mybb:1.2.0

cpe:/a:mybb:mybb:1.2.1

cpe:/a:mybb:mybb:1.2.10

cpe:/a:mybb:mybb:1.2.11

cpe:/a:mybb:mybb:1.2.12

cpe:/a:mybb:mybb:1.2.13

cpe:/a:mybb:mybb:1.2.2

cpe:/a:mybb:mybb:1.2.3

cpe:/a:mybb:mybb:1.2.4

cpe:/a:mybb:mybb:1.2.5

cpe:/a:mybb:mybb:1.2.6

cpe:/a:mybb:mybb:1.2.7

cpe:/a:mybb:mybb:1.2.8

cpe:/a:mybb:mybb:1.2.9

cpe:/a:mybb:mybb:1.4.0

cpe:/a:mybb:mybb:1.4.10

cpe:/a:mybb:mybb:1.4.11 and previous versions

cpe:/a:mybb:mybb:1.4.2

cpe:/a:mybb:mybb:1.4.3

cpe:/a:mybb:mybb:1.4.6

cpe:/a:mybb:mybb:1.4.8

cpe:/a:mybb:mybb:1.4.9

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/

CONFIRM http://dev.mybboard.net/issues/809

MISC http://community.mybb.com/thread-66255.html

MLIST [oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12

MLIST [oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12

MLIST [oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12

Vulnerability Type Information Leak / Disclosure (CWE-200)