Moodle Multiple Security Vulnerabilities
BID:50923
Info
| Bugtraq ID: | 50923 |
| Class: | Unknown |
| CVE: | CVE-2011-4581, CVE-2011-4582, CVE-2011-4583, CVE-2011-4584, CVE-2011-4585, CVE-2011-4586, CVE-2011-4587, CVE-2011-4588, CVE-2011-4589, CVE-2011-4590, CVE-2011-4591, CVE-2011-4592, CVE-2011-4593 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 06 2011 12:00AM |
| Updated: | Apr 13 2015 10:24PM |
| Credit: | Sunner Sun, Dan Marsden, Jerome Mouneyrac, vickerylm, Darragh Enright, David Michael Evans, German Sanchez Garces, Stephen Mc Guinness, Patrick McNeill, Andrew Nicols, Petr Škoda, Rajesh Taneja, Ryan Smith and Fernando Graells |
| Vulnerable: | Moodle Moodle 2.1.1, Moodle Moodle 2.0.4, Moodle Moodle 2.0.3, Moodle Moodle 2.0.2, Moodle Moodle 2.0.1, Moodle Moodle 1.9.13, Moodle Moodle 1.9.12, Moodle Moodle 1.9.11, Moodle Moodle 1.9.10, Moodle moodle 1.9.9, Moodle moodle 1.9.8, Moodle Moodle 1.9.7, Moodle moodle 1.9.6, Moodle Moodle 1.9.5, Moodle moodle 1.9.4, Moodle moodle 1.9.3, Moodle Moodle 1.9.1, Moodle Moodle 2.1, Moodle Moodle 2.0, Moodle Moodle 1.9.2, Moodle Moodle 1.9, Debian Linux 6.0 sparc, Debian Linux 6.0 s/390, Debian Linux 6.0 powerpc, Debian Linux 6.0 mips, Debian Linux 6.0 ia-64, Debian Linux 6.0 ia-32, Debian Linux 6.0 arm, Debian Linux 6.0 amd64 |
| Not Vulnerable: | Moodle Moodle 2.1.2, Moodle Moodle 2.0.5, Moodle Moodle 1.9.14 |
Discussion
Moodle is prone to multiple security vulnerabilities, including:
1. Multiple security-bypass vulnerabilities.
2. A URI-redirection vulnerability.
3. Multiple information-disclosure vulnerabilities.
4. A denial-of-service vulnerability.
5. An authentication-bypass vulnerability.
6. An unspecified vulnerability.
7. An HTTP-response-splitting vulnerability.
Attackers can exploit these issues to bypass certain security restrictions, redirect users to an attacker-controlled site, obtain sensitive information, perform a denial-of-service attack, bypass the authentication mechanism, inject information in HTTP request headers, and influence how Web content is served, cached, or interpreted. Other attacks may also be possible.
Exploit / POC
An attacker can use a browser to exploit some of these issues. In some cases, the attacker entices an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Moodle Homepage (Moodle)
- MSA-11-0042 (moodle)
- MSA-11-0043 (moodle)
- MSA-11-0044 (moodle)
- MSA-11-0045 (moodle)
- MSA-11-0046 (moodle)
- MSA-11-0047 (moodle)
- MSA-11-0048 (moodle)
- MSA-11-0049 (moodle)
- MSA-11-0050 (moodle)
- MSA-11-0051 (moodle)
- MSA-11-0052 (moodle)
- MSA-11-0053 (moodle)
- MSA-11-0054 (moodle)