Description

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.

Remediation

References

CVE-2011-0910

Related Vulnerabilities

WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.4)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.34)

Squid Other Vulnerability (CVE-2016-4556)

MySQL Other Vulnerability (CVE-2002-1376)

WordPress Plugin WP Mobile Menu-The Mobile-Friendly Responsive Menu Cross-Site Scripting (2.8.2.2)

Severity

Medium

Classification

CVE-2011-0910

Tags

Missing Update Known Vulnerabilities