110176 – phpBB <= 2.0.17 and IE Cookie Disclosure

Bug 110176 - phpBB <= 2.0.17 and IE Cookie Disclosure

Summary: phpBB <= 2.0.17 and IE Cookie Disclosure

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://archives.neohapsis.com/archive...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-10-22 14:10 UTC by Vic Fryzel (shellsage) (RETIRED)
Modified:	2005-10-22 16:06 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vic Fryzel (shellsage) (RETIRED) gentoo-dev

2005-10-22 14:10:04 UTC

phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Note:
This works like XSS, and requires the victim to use IE (Affects all versions of IE).

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Comment 1 Carsten Lohrke (RETIRED) gentoo-dev

2005-10-22 16:06:07 UTC

from GLSA 200507-03:

The phpBB package is no longer supported by Gentoo Linux and has been masked in
the Portage repository, no further announcements will be issued regarding phpBB
updates. Users who wish to continue using phpBB are advised to monitor and refer
to www.phpbb.com for more information.