Moodle LTI Module CVE-2014-3542 XML External Entity Information Disclosure Vulnerability
BID:68754
Info
Moodle LTI Module CVE-2014-3542 XML External Entity Information Disclosure Vulnerability
| Bugtraq ID: | 68754 |
| Class: | Design Error |
| CVE: |
CVE-2014-3542 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 21 2014 12:00AM |
| Updated: | Apr 16 2015 06:14PM |
| Credit: | pnig0s@freebuf |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Moodle LTI Module CVE-2014-3542 XML External Entity Information Disclosure Vulnerability
Moodle is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to gain unauthorized access, and obtain potentially sensitive information. This may lead to further attacks.
Moodle versions 2.7, 2.6 through 2.6.3, 2.5 through 2.5.6, and 2.4 through 2.4.10 are vulnerable.
Moodle is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to gain unauthorized access, and obtain potentially sensitive information. This may lead to further attacks.
Moodle versions 2.7, 2.6 through 2.6.3, 2.5 through 2.5.6, and 2.4 through 2.4.10 are vulnerable.
Solution / Fix
Moodle LTI Module CVE-2014-3542 XML External Entity Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Moodle LTI Module CVE-2014-3542 XML External Entity Information Disclosure Vulnerability
References:
References: