Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4281

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-4281
Last Modified 16 Jul 2012 12:00:00
Published 16 Jul 2012 06:28:36
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4281

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of (1) an activity or (2) a course.

Vulnerable Systems

Application

  • Moodle 2.0

  • Moodle 2.0.1


References

CONFIRM - http://git.moodle.org/gw?p=moodle.git;a=commit;h=9cedb80c5d6318aa17cd66912d37e6ef3dca9455

MLIST - [oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update

CONFIRM - http://moodle.org/mod/forum/discuss.php?d=170006


Last Updated: 27 May 2016 10:54:52