Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 01-25-2013, 08:21 AM
Markowitch Markowitch is offline
 
Join Date: Nov 2005
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Our webhost will block the site because of vulnerability in CKEditor 3.6.2

Hey. I just borrow my son's account to ask about security issue.

Our webhost - Domeneshop.no in Norway - believe that we have a security problem on the forum. When we asked what the problem is, we have received the following information about the cause of the alleged vulnerability:
CKEditor 3.6.2 ./www/clientscript/ckeditor/
vBulletin 4.2.0 ./www/
.... without other comments.

We are running vBulletin 4.2.0 Patch Level 3

What's going on?. If there is a security issue as our web host said - we have not heard about it, even from other vBulletin forums, we work with.

Is it a security problem with CKEditor 3.6.2 as our web host says, and if so, how to solve this?

I've only heard of this particular problem in Drupal, Jomla etc. but not in vBulletin. I'm really lost.

Thank you in advance for answers
Reply With Quote
  #2  
Old 01-29-2013, 04:18 PM
DeMiNe0 DeMiNe0 is offline
 
Join Date: Jun 2004
Posts: 175
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It is an issue with vbulletin. vbulltin uses an older version of ckeditor. There is a bug report open about the issues here. It's been open for about 6 months now, but it doesn't appear that vbulletin is planning on fixing it ATM. Your best bet is to switch hosts.

http://tracker.vbulletin.com/browse/VBIV-13267
Reply With Quote
  #3  
Old 01-29-2013, 04:37 PM
SRobbins1977 SRobbins1977 is offline
 
Join Date: Nov 2009
Posts: 42
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by DeMiNe0 View Post
It is an issue with vbulletin. vbulltin uses an older version of ckeditor. There is a bug report open about the issues here. It's been open for about 6 months now, but it doesn't appear that vbulletin is planning on fixing it ATM. Your best bet is to switch hosts.

http://tracker.vbulletin.com/browse/VBIV-13267
How is that a security vulnerability issue? ...that's more of a quality issue. I would switch providers that providers security team has a few rocks loose.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:07 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03360 seconds
  • Memory Usage 2,175KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (3)post_thanks_box
  • (3)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit_info
  • (3)postbit
  • (3)postbit_onlinestatus
  • (3)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete