Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2011-4586
Last Modified 20 Jul 2012 12:00:00
Published 20 Jul 2012 06:40:35
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4586

Summary

CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Vulnerable Systems

Application

  • Moodle 1.9

  • Moodle 1.9.1

  • Moodle 1.9.10

  • Moodle 1.9.11

  • Moodle 1.9.12

  • Moodle 1.9.13

  • Moodle 1.9.14

  • Moodle 1.9.2

  • Moodle 1.9.3

  • Moodle 1.9.4

  • Moodle 1.9.5

  • Moodle 1.9.6

  • Moodle 1.9.7

  • Moodle 1.9.8

  • Moodle 1.9.9

  • Moodle 2.0

  • Moodle 2.0.1

  • Moodle 2.0.2

  • Moodle 2.0.3

  • Moodle 2.0.4

  • Moodle 2.0.5

  • Moodle 2.1

  • Moodle 2.1.1

  • Moodle 2.1.2


References

CONFIRM - http://git.moodle.org/gw?p=moodle.git;a=commit;h=581e8dba387f090d89382115fd850d8b44351526

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=761248

CONFIRM - http://moodle.org/mod/forum/discuss.php?d=191754


Last Updated: 27 May 2016 10:54:55