oss-sec mailing list archives
Re: CVE request: fluxbb before 1.4.7
From: Henri Salo <henri () nerv fi>
Date: Thu, 13 Oct 2011 17:43:39 +0300
On Mon, Oct 10, 2011 at 08:41:48PM +0200, Hanno Böck wrote:
http://fluxbb.org/forums/viewtopic.php?id=5751 "This is a security release, however only affects anyone running FluxBB behind a reverse proxy, with FORUM_BEHIND_REVERSE_PROXY enabled - we expect this to be a small number of users." Whatever that means... I suggest something like "Unknown security vulnerability related to reverse proxying" -- Hanno Böck mail/jabber: hanno () hboeck de GPG: BBB51E42 http://www.hboeck.de/
Documentation about the feature: http://fluxbb.org/docs/v1.4/constants#forum_behind_reverse_proxy I can ask more details from the vendor. Best regards, Henri Salo
Current thread:
- CVE request: fluxbb before 1.4.7 Hanno Böck (Oct 10)
- Re: CVE request: fluxbb before 1.4.7 Henri Salo (Oct 13)
- Re: CVE request: fluxbb before 1.4.7 Josh Bressers (Oct 18)