漏洞标题
N/A
漏洞描述信息
**争议**
Jelsoft vBulletin 3.5.4 允许远程攻击者注册多个任意用户,并通过大量向register.php发送请求来导致服务拒绝(资源消耗)。注意:供应商对此漏洞表示否认,并称“如果您启用了 CAPTCHA,那么注册将不会通过。......如果您说的是允许洪水攻击,那么显然这是服务器级别应该处理的问题。”
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Jelsoft vBulletin 'register.php'拒绝服务攻击漏洞
漏洞描述信息
**有争议** Jelsoft vBulletin 3.5.4中,远程攻击者可借助对register.php脚本的大量请求来注册多个任意用户,并触发拒绝服务攻击(资源消耗型)。注:厂商对此漏洞存在争议,声称"如果启用了CAPTCHA,注册就不会通过......... 如果你们谈论的是存在泛洪攻击,那么这理应是服务器级要解决的问题。"
CVSS信息
N/A
漏洞类别
授权问题