CVE-2009-4448 - Resource Management Errors vulnerability in Mybboard Mybb 1.4.10

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: network, low complexity, mybboard, CWE-399

Summary

inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors.

Vulnerable Configurations

Part | Description | Count
Application | Mybboard | 1

Common Weakness Enumeration (CWE)

Seebug

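bulletinFamily: exploit
description: CVE ID: CVE-2009-4448. MyBB is a popular PHP-based forum application. The adodb_mktime() function in MyBB's inc/functions_time.php file is vulnerable when processing certain date values: an attacker who submits a request containing a very large year parameter value triggers a large number of loop iterations, driving CPU load high and causing a denial of service. MyBB 1.4.10 users can refer to the following security advisory for patch information: http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functions_time.php
id: SSV:15191
last seen: 2017-11-19
modified: 2010-01-06
published: 2010-01-06
reporter: Root
title: MyBB adodb_mktime() date parameter remote denial-of-service vulnerability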