Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4293

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2011-4293
Last Modified 16 Jul 2012 12:00:00
Published 16 Jul 2012 06:28:37
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4293

Summary

The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.

Vulnerable Systems

Application

  • Moodle 2.0

  • Moodle 2.0.1

  • Moodle 2.0.2

  • Moodle 2.0.3

  • Moodle 2.1


References

MLIST - [oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update

CONFIRM - http://moodle.org/mod/forum/discuss.php?d=182736

CONFIRM - http://git.moodle.org/gw?p=moodle.git;a=commit;h=e1c2a211f259821910be2cba23679d4176fb00a3


Last Updated: 27 May 2016 10:54:52