NuytsTech Security

CVE-2006-4272

by ·

** DISPUTED **

Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations wont even go through. … if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level."

Date published : 2006-08-21

http://www.securityfocus.com/archive/1/443648/100/0/threaded

http://archives.neohapsis.com/archives/bugtraq/2006-08/0381.html

Tags: