Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4203

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-4203
Last Modified 12 Jan 2012 12:00:00
Published 22 Dec 2011 10:29:20
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4203

Summary

CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.

Vulnerable Systems

Application

  • Moodle 1.9

  • Moodle 1.9.1

  • Moodle 1.9.10

  • Moodle 1.9.11

  • Moodle 1.9.12

  • Moodle 1.9.13

  • Moodle 1.9.14

  • Moodle 1.9.2

  • Moodle 1.9.3

  • Moodle 1.9.4

  • Moodle 1.9.5

  • Moodle 1.9.6

  • Moodle 1.9.7

  • Moodle 1.9.8

  • Moodle 1.9.9

  • Moodle 2.0

  • Moodle 2.0.1

  • Moodle 2.0.2

  • Moodle 2.0.3

  • Moodle 2.0.4

  • Moodle 2.0.5

  • Moodle 2.1

  • Moodle 2.1.1

  • Moodle 2.1.2

  • Moodle 2.2


References

MISC - http://tracker.moodle.org/browse/MDL-24808

MISC - http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle/


Last Updated: 27 May 2016 10:57:57