[CVE-2019-9826] phpBB Native Fulltext Search denial of service

Vulnerability information
=========================

Title: phpBB Native Fulltext Search denial of service
CVE ID: CVE-2019-9826
CVSSv3 score: 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)

Vulnerability description
=========================

Vulnerable packages
===================

Solutions and workarounds
=========================

Mitigations are available for earlier versions of phpBB:

1. Set “Search backend” to an engine other than “phpBB Native Fulltext”

3. Set “Enable search facilities” to “No”

Proof of concept
================

Report timeline
===============

2019-02-18: Initial disclosure to vendor with PoC and candidate patch
2019-02-19: Vendor acknowledges receipt of report
2019-03-12: Update requested
2019-03-13: Vendor verifies vulnerability
2019-03-15: Vendor assigns CVE ID
2019-03-19: Follow-up, no response
2019-04-15: Second follow-up
2019-04-18: Vendor requests extension to disclosure date
2019-04-22: One week extension granted
2019-04-29: Vendor patch released
2019-04-29: Public disclosure