Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2011-4133
Last Modified: 16 Jul 2012 12:00:00
Published: 16 Jul 2012 06:28:36
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-4133

Summary

Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block.

Vulnerable Systems

Application

  • Moodle 1.9

  • Moodle 1.9.1

  • Moodle 1.9.10

  • Moodle 1.9.2

  • Moodle 1.9.3

  • Moodle 1.9.4

  • Moodle 1.9.5

  • Moodle 1.9.6

  • Moodle 1.9.7

  • Moodle 1.9.8

  • Moodle 1.9.9


References

MLIST - [oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update

CONFIRM - http://moodle.org/mod/forum/discuss.php?d=170002

CONFIRM - http://git.moodle.org/gw?p=moodle.git;a=commit;h=8f031d5431c1204197b1482fd6c63bc87a19a476


Last Updated: 27 May 2016 10:49:38