Yurgon Posted September 26, 2019 Share Posted September 26, 2019 I'm not sure which version of vBulletin is in use here, but this probably applies: vBulletin Security Patch Released. Versions 5.5.2, 5.5.3, and 5.5.4 US NIST assigned it a Base Score of 9.8 (CRITICAL): CVE-2019-16759 Detail Link to comment Share on other sites More sharing options...
ED Team BIGNEWY Posted September 28, 2019 ED Team Share Posted September 28, 2019 Thanks Yurgon, I will pass it on. Forum rules - DCS Crashing? Try this first - Cleanup and Repair - Discord BIGNEWY#8703 - Youtube - Patch Status Windows 11, NVIDIA MSI RTX 3090, Intel® i9-10900K 3.70GHz, 5.30GHz Turbo, Corsair Hydro Series H150i Pro, 64GB DDR @3200, ASUS ROG Strix Z490-F Gaming, HP Reverb G2 Link to comment Share on other sites More sharing options...
Yurgon Posted September 30, 2019 Author Share Posted September 30, 2019 Thanks Bignewy. Just an FYI, I saw a bunch of failed HTTP requests scroll by the error log in a site of mine that doesn't even have a vBulletin board: /vb/js/ajax.js /vbforum/js/ajax.js /forum/js/ajax.js /js/ajax.js /forums/js/ajax.js /vBulletin/js/ajax.js /vb5/js/ajax.js Might be unrelated, but my guess is this is an active attempt to find vulnerable vBulletin installations that have not been patched yet, and it's probably happening all over the web. Link to comment Share on other sites More sharing options...
ED Team BIGNEWY Posted September 30, 2019 ED Team Share Posted September 30, 2019 Thanks for the heads up, the team have insured we will not be affected Forum rules - DCS Crashing? Try this first - Cleanup and Repair - Discord BIGNEWY#8703 - Youtube - Patch Status Windows 11, NVIDIA MSI RTX 3090, Intel® i9-10900K 3.70GHz, 5.30GHz Turbo, Corsair Hydro Series H150i Pro, 64GB DDR @3200, ASUS ROG Strix Z490-F Gaming, HP Reverb G2 Link to comment Share on other sites More sharing options...
Yurgon Posted October 8, 2019 Author Share Posted October 8, 2019 vBulletin 5.X critical security issue, Patch Level 2 The previous thread was closed, so I couldn't post an update there. The vBulletin team have issued an announcement regarding a new patch level: vBulletin 5.5.X (5.5.2, 5.5.3, and 5.5.4) Security Patch Level 2 This one seems to be at least as critical as the previous issue last week. If I read the notes correctly, all versions of vBulletin are affected unless it's updated to: 5.5.4 Patch Level 2 5.5.3 Patch Level 2 5.5.2 Patch Level 2 I'm guessing that vBulletin versions older than 5 would be affected as well (and by now they're probably as secure as cheese in a mouse cage anyway). Comodo had data on some 170.000 accounts stolen from their vBulletin because they didn't patch quickly enough. Thanks. Link to comment Share on other sites More sharing options...
ED Team BIGNEWY Posted October 10, 2019 ED Team Share Posted October 10, 2019 (edited) Hi Yurgon, the team is aware, thanks for the post. I have merged it with the first one. Edit: The exploit does not effect our version of vBulletin the team have checked thank you Edited October 10, 2019 by BIGNEWY Forum rules - DCS Crashing? Try this first - Cleanup and Repair - Discord BIGNEWY#8703 - Youtube - Patch Status Windows 11, NVIDIA MSI RTX 3090, Intel® i9-10900K 3.70GHz, 5.30GHz Turbo, Corsair Hydro Series H150i Pro, 64GB DDR @3200, ASUS ROG Strix Z490-F Gaming, HP Reverb G2 Link to comment Share on other sites More sharing options...
Recommended Posts