• IDP Daily Update #1254
  posted: 09/05/08
  
• NSM Daily Update #1254
  posted: 09/05/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1254
  posted: 09/05/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1252
  posted: 09/05/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 09/05/08

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: PHPBB HTTP Referer Information Disclosure Vulnerability

Severity: MODERATE

Description:

Implemented in PHP, phpBB is a web bulletin-board application.

The phpBB application is prone to an information-disclosure vulnerability. The application fails to properly secure the session ID when accessing an external avatar image or external BBCode image.
The problem presents itself when a victim user follows an external avatar image link or BBCode IMG tag. The session ID is transmitted as part of the HTTP referer, resulting in the disclosure of privileged information.

An attacker can exploit this issue to retrieve the session ID of a currently active victim user.

Successful exploitation of this issue requires that the vulnerable site be configured to use external avatar images; this is not the default setting.

Affected Products:

• Debian Linux 3.1.0
• Debian Linux 3.1.0 alpha
• Debian Linux 3.1.0 arm
• Debian Linux 3.1.0 hppa
• Debian Linux 3.1.0 ia-32
• Debian Linux 3.1.0 ia-64
• Debian Linux 3.1.0 m68k
• Debian Linux 3.1.0 mips
• Debian Linux 3.1.0 mipsel
• Debian Linux 3.1.0 ppc
• Debian Linux 3.1.0 s/390
• Debian Linux 3.1.0 sparc
• phpBB Group phpBB 2.0.1
• phpBB Group phpBB 2.0.10
• phpBB Group phpBB 2.0.11
• phpBB Group phpBB 2.0.12
• phpBB Group phpBB 2.0.13
• phpBB Group phpBB 2.0.14
• phpBB Group phpBB 2.0.15
• phpBB Group phpBB 2.0.16
• phpBB Group phpBB 2.0.17
• phpBB Group phpBB 2.0.18
• phpBB Group phpBB 2.0.19
• phpBB Group phpBB 2.0.2
• phpBB Group phpBB 2.0.3
• phpBB Group phpBB 2.0.4
• phpBB Group phpBB 2.0.5
• phpBB Group phpBB 2.0.6
• phpBB Group phpBB 2.0.6 c
• phpBB Group phpBB 2.0.6 d
• phpBB Group phpBB 2.0.7
• phpBB Group phpBB 2.0.7 a
• phpBB Group phpBB 2.0.8
• phpBB Group phpBB 2.0.8 a
• phpBB Group phpBB 2.0.9

References:

• Berliner: RE: [Full-disclosure] phpBB 2.0.19 Cross Site Request Forgeries and XSSAdmin
• Maksymilian Arciemowicz: RE: [Full-disclosure] phpBB 2.0.19 Cross Site Request Forgeries and XSSAdmin
• Maksymilian Arciemowicz: phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin
• phpBB: phpBB Homepage