Lucene search

[email protected]CVE-2008-4930

HistoryNov 04, 2008 - 9:00 p.m.

CVE-2008-4930

2008-11-0421:00:00

CWE-20

[email protected]

web.nvd.nist.gov

mybb

mybulletinboard

cve-2008-4930

vulnerability

mime-sniffing

xss

nvd

6.6 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.0%

JSON

MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer’s content inspection, aka “Incomplete protection against MIME-sniffing.” NOTE: this could be leveraged for XSS and other attacks.

CPENameOperatorVersion
mybb:mybbmybbeq1.4.2

CPE	Name	Operator	Version
mybb:mybb	mybb	eq	1.4.2

References

archives.neohapsis.com/archives/bugtraq/2008-10/0203.html

archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html

www.openwall.com/lists/oss-security/2008/11/01/2

6.6 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.0%

JSON

Related for CVE-2008-4930

prion1 cvelist1