Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-4592
Last Modified: 20 Jul 2012 09:42:00
Published: 20 Jul 2012 06:40:36
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-4592

Summary

The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality.

Vulnerable Systems

Application

  • Moodle 2.0

  • Moodle 2.0.1

  • Moodle 2.0.2

  • Moodle 2.0.3

  • Moodle 2.0.4

  • Moodle 2.0.5

  • Moodle 2.1

  • Moodle 2.1.1

  • Moodle 2.1.2


References

CONFIRM - http://git.moodle.org/gw?p=moodle.git;a=commit;h=ade30ad3c420ce035a3d68287db701b70e806b3f

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=761248

CONFIRM - http://moodle.org/mod/forum/discuss.php?d=191761


Last Updated: 27 May 2016 10:54:55