Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.4
CVE Id CVE-2012-2239
Last Modified 07 Feb 2013 11:50:03
Published 24 Nov 2012 03:55:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2239

Summary

Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.

Vulnerable Systems

Application

  • Mahara 1.1.4

  • Mahara 1.1.5

  • Mahara 1.4

  • Mahara 1.4.0

  • Mahara 1.4.1

  • Mahara 1.4.2

  • Mahara 1.4.3

  • Mahara 1.5

  • Mahara 1.5.0

  • Mahara 1.5.1

  • Mahara 1.5.2


References

CONFIRM - https://mahara.org/interaction/forum/topic.php?id=4869

CONFIRM - https://bugs.launchpad.net/mahara/+bug/1047111

DEBIAN - DSA-2591


Last Updated: 27 May 2016 10:57:36