Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4403

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-4403
Last Modified 19 Sep 2012 02:48:49
Published 19 Sep 2012 06:57:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4403

Summary

theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.

Vulnerable Systems

Application

  • Moodle 2.3

  • Moodle 2.3.1


References

CONFIRM - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35168

MLIST - [oss-security] 20120917 Moodle security notifications public

CONFIRM - http://moodle.org/mod/forum/discuss.php?d=211560


Last Updated: 27 May 2016 11:00:44