oss-sec mailing list archives

Re: CVE request: fluxbb before 1.4.7

From: Henri Salo <henri () nerv fi>
Date: Thu, 13 Oct 2011 17:43:39 +0300

On Mon, Oct 10, 2011 at 08:41:48PM +0200, Hanno Böck wrote:

http://fluxbb.org/forums/viewtopic.php?id=5751

"This is a security release, however only affects anyone running FluxBB
behind a reverse proxy, with FORUM_BEHIND_REVERSE_PROXY enabled - we
expect this to be a small number of users."

Whatever that means... I suggest something like
"Unknown security vulnerability related to reverse proxying"

-- 
Hanno Böck            mail/jabber: hanno () hboeck de
GPG: BBB51E42         http://www.hboeck.de/


Documentation about the feature: http://fluxbb.org/docs/v1.4/constants#forum_behind_reverse_proxy

I can ask more details from the vendor.

Best regards,
Henri Salo

Current thread:

CVE request: fluxbb before 1.4.7 Hanno Böck (Oct 10)
- Re: CVE request: fluxbb before 1.4.7 Henri Salo (Oct 13)
- Re: CVE request: fluxbb before 1.4.7 Josh Bressers (Oct 18)