CVE-2016-6483 - OpenCVE

The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Vbulletin	Vbulletin

Configuration 1 [-]

OR	cpe:2.3:a:vbulletin:vbulletin:3.8.7:::::::*
	cpe:2.3:a:vbulletin:vbulletin:3.8.8:::::::*
	cpe:2.3:a:vbulletin:vbulletin:3.8.9:::::::*
	cpe:2.3:a:vbulletin:vbulletin:4.2.2:::::::*
	cpe:2.3:a:vbulletin:vbulletin:4.2.3:::::::*
	cpe:2.3:a:vbulletin:vbulletin:5.2.0:::::::*
	cpe:2.3:a:vbulletin:vbulletin:5.2.1:::::::*
	cpe:2.3:a:vbulletin:vbulletin:5.2.2:::::::*

References

Link	Resource
http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt	Exploit Third Party Advisory
http://www.securityfocus.com/bid/92350
http://www.securitytracker.com/id/1036553
http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta	Patch
http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta	Patch
http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2	Patch
https://www.exploit-db.com/exploits/40225/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-09-02T01:00:00

Updated: 2017-09-02T09:57:01

Reserved: 2016-07-27T00:00:00

Link: CVE-2016-6483

JSON object: View

NVD Information

Status : Modified

Published: 2016-09-02T01:59:03.600

Modified: 2017-09-03T01:29:11.357

Link: CVE-2016-6483

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-02T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2"}, {"name": "40225", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/40225/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta"}, {"tags": ["x_refsource_MISC"], "url": "http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta"}, {"name": "1036553", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036553"}, {"name": "92350", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92350"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6483", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2"}, {"name": "40225", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40225/"}, {"name": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta"}, {"name": "http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt", "refsource": "MISC", "url": "http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt"}, {"name": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta"}, {"name": "1036553", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036553"}, {"name": "92350", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92350"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6483", "datePublished": "2016-09-02T01:00:00", "dateReserved": "2016-07-27T00:00:00", "dateUpdated": "2017-09-02T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "671C29DF-EF49-4D5D-94A6-C0FC56DF03A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "4296DD05-E2E2-4597-85F9-B873468EE6A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "880A926A-FFE2-4D1E-8FEF-CFEA725F1959", "vulnerable": true}, {"criteria": "cpe:2.3:a:vbulletin:vbulletin:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A09E44AB-A35C-41FD-8140-2AEEB0053A7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:vbulletin:vbulletin:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "A5CEB9BE-509E-4EFA-B519-3448ABDECBD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vbulletin:vbulletin:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB0EF44A-C395-4AA8-BA73-4BCED75D8FA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:vbulletin:vbulletin:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7060BEF3-5173-4270-8FB2-6C305D8E2042", "vulnerable": true}, {"criteria": "cpe:2.3:a:vbulletin:vbulletin:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3E761902-410B-4053-BB7D-1AB5666E5F07", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code."}, {"lang": "es", "value": "La funcionalidad de carga de archivos multimedia en vBulletin en versiones anteriores a 3.8.7 Patch Level 6, 3.8.8 en versiones anteriores a Patch Level 2, 3.8.9 en versiones anteriores a Patch Level 1, 4.x en versiones anteriores a 4.2.2 Patch Level 6, 4.2.3 en versiones anteriores a Patch Level 2, 5.x en versiones anteriores a 5.2.0 Patch Level 3, 5.2.1 en versiones anteriores a Patch Level 1 y 5.2.2 en versiones anteriores a Patch Level 1 permite a atacantes remotos llevar a cabo ataques SSRF a trav\u00e9s de una URL manipulada que resulta en un c\u00f3digo de estado Redirection HTTP."}], "id": "CVE-2016-6483", "lastModified": "2017-09-03T01:29:11.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-02T01:59:03.600", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/92350"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1036553"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/40225/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}