Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2327

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-2327
Last Modified 14 Aug 2012 09:49:59
Published 13 Aug 2012 02:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2327

Summary

MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message.

Vulnerable Systems

Application

  • Mybb 1.0

  • Mybb 1.00

  • Mybb 1.01

  • Mybb 1.02

  • Mybb 1.03

  • Mybb 1.04

  • Mybb 1.1.0

  • Mybb 1.1.1

  • Mybb 1.1.2

  • Mybb 1.1.3

  • Mybb 1.1.4

  • Mybb 1.1.5

  • Mybb 1.1.6

  • Mybb 1.1.7

  • Mybb 1.1.8

  • Mybb 1.2.0

  • Mybb 1.2.1

  • Mybb 1.2.10

  • Mybb 1.2.11

  • Mybb 1.2.12

  • Mybb 1.2.13

  • Mybb 1.2.14

  • Mybb 1.2.2

  • Mybb 1.2.3

  • Mybb 1.2.4

  • Mybb 1.2.5

  • Mybb 1.2.6

  • Mybb 1.2.7

  • Mybb 1.2.8

  • Mybb 1.2.9

  • Mybb 1.3

  • Mybb 1.4.0

  • Mybb 1.4.1

  • Mybb 1.4.10

  • Mybb 1.4.11

  • Mybb 1.4.12

  • Mybb 1.4.13

  • Mybb 1.4.14

  • Mybb 1.4.15

  • Mybb 1.4.16

  • Mybb 1.4.2

  • Mybb 1.4.3

  • Mybb 1.4.4

  • Mybb 1.4.5

  • Mybb 1.4.6

  • Mybb 1.4.7

  • Mybb 1.4.8

  • Mybb 1.4.9

  • Mybb 1.5.1

  • Mybb 1.5.2

  • Mybb 1.6.1

  • Mybb 1.6.2

  • Mybb 1.6.3

  • Mybb 1.6.4

  • Mybb 1.6.5

  • Mybb 1.6.6


References

BID - 53417

MLIST - [oss-security] 20120507 Re: CVE request: mybb before 1.6.7

MLIST - [oss-security] 20120507 CVE request: mybb before 1.6.7

CONFIRM - http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/


Last Updated: 27 May 2016 10:53:36