Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0450

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0450
Last Modified 05 Sep 2008 04:59:17
Published 26 Jan 2006 07:03:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0450

Summary

phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database.

Vulnerable Systems

Application

  • Phpbb Group Phpbb 2.0 Beta1

  • Phpbb Group Phpbb 2.0 Rc1

  • Phpbb Group Phpbb 2.0 Rc2

  • Phpbb Group Phpbb 2.0 Rc3

  • Phpbb Group Phpbb 2.0 Rc4

  • Phpbb Group Phpbb 2.0.0

  • Phpbb Group Phpbb 2.0.1

  • Phpbb Group Phpbb 2.0.10

  • Phpbb Group Phpbb 2.0.11

  • Phpbb Group Phpbb 2.0.12

  • Phpbb Group Phpbb 2.0.13

  • Phpbb Group Phpbb 2.0.14

  • Phpbb Group Phpbb 2.0.15

  • Phpbb Group Phpbb 2.0.16

  • Phpbb Group Phpbb 2.0.17

  • Phpbb Group Phpbb 2.0.18

  • Phpbb Group Phpbb 2.0.19

  • Phpbb Group Phpbb 2.0.2

  • Phpbb Group Phpbb 2.0.3

  • Phpbb Group Phpbb 2.0.4

  • Phpbb Group Phpbb 2.0.5

  • Phpbb Group Phpbb 2.0.6

  • Phpbb Group Phpbb 2.0.6c

  • Phpbb Group Phpbb 2.0.6d

  • Phpbb Group Phpbb 2.0.7

  • Phpbb Group Phpbb 2.0.7a

  • Phpbb Group Phpbb 2.0.8

  • Phpbb Group Phpbb 2.0.8a

  • Phpbb Group Phpbb 2.0.9


References

BUGTRAQ - 20060125 HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability

MISC - http://www.h4cky0u.org/advisories/HYSA-2006-001-phpbb.txt

MISC - http://h4cky0u.org/viewtopic.php?t=637

XF - phpbb-search-profile-dos(24327)

SREASON - 368


Last Updated: 27 May 2016 10:41:39