CVE-2009-4448
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors.
inc/functions_time.php en MyBB (alias MyBulletinBoard) v1.4.10, y posiblemente versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante una solicitud elaborada con un gran valor para el año, lo que dispara un bucle largo, como puede conseguirse a través de member.php y posiblemente otros vectores.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-12-29 CVE Reserved
- 2009-12-29 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functions_time.php | X_refsource_confirm | |
| http://openwall.com/lists/oss-security/2010/10/08/7 | Mailing List | |
| http://openwall.com/lists/oss-security/2010/10/11/8 | Mailing List | |
| http://openwall.com/lists/oss-security/2010/12/06/2 | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update | 2011-01-04 | |
| http://dev.mybboard.net/issues/600 | 2011-01-04 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/37906 | 2011-01-04 |