Lucene search
RedhatCVE-2013-4522HistoryNov 26, 2013 - 5:25 a.m.
CVE-2013-4522
2013-11-2605:25:38
CWE-200
redhat
web.nvd.nist.gov
25
cve-2013-4522
information security
vulnerability
moodle
http headers
remote attackers
sensitive information
caching proxy server.
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
Low
EPSS
0.004
Percentile
71.9%
lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send “Cache-Control: private” HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy server.
Affected configurations
Node
moodlemoodleRange≤2.2.11
ORmoodlemoodleMatch1.1.1
ORmoodlemoodleMatch1.2.0
ORmoodlemoodleMatch1.2.1
ORmoodlemoodleMatch1.3.0
ORmoodlemoodleMatch1.3.1
ORmoodlemoodleMatch1.3.2
ORmoodlemoodleMatch1.3.3
ORmoodlemoodleMatch1.3.4
ORmoodlemoodleMatch1.4.1
ORmoodlemoodleMatch1.4.2
ORmoodlemoodleMatch1.4.3
ORmoodlemoodleMatch1.4.4
ORmoodlemoodleMatch1.4.5
ORmoodlemoodleMatch1.5
ORmoodlemoodleMatch1.5.0beta
ORmoodlemoodleMatch1.5.1
ORmoodlemoodleMatch1.5.2
ORmoodlemoodleMatch1.5.3
ORmoodlemoodleMatch1.6.0
ORmoodlemoodleMatch1.6.1
ORmoodlemoodleMatch1.6.2
ORmoodlemoodleMatch1.6.3
ORmoodlemoodleMatch1.6.4
ORmoodlemoodleMatch1.6.5
ORmoodlemoodleMatch1.6.6
ORmoodlemoodleMatch1.6.7
ORmoodlemoodleMatch1.6.8
ORmoodlemoodleMatch1.7.1
ORmoodlemoodleMatch1.7.2
ORmoodlemoodleMatch1.7.3
ORmoodlemoodleMatch1.7.4
ORmoodlemoodleMatch1.7.5
ORmoodlemoodleMatch1.7.6
ORmoodlemoodleMatch1.8.1
ORmoodlemoodleMatch1.8.2
ORmoodlemoodleMatch1.8.3
ORmoodlemoodleMatch1.8.4
ORmoodlemoodleMatch1.8.5
ORmoodlemoodleMatch1.8.6
ORmoodlemoodleMatch1.8.7
ORmoodlemoodleMatch1.8.8
ORmoodlemoodleMatch1.8.9
ORmoodlemoodleMatch1.8.10
ORmoodlemoodleMatch1.8.11
ORmoodlemoodleMatch1.8.12
ORmoodlemoodleMatch1.8.13
ORmoodlemoodleMatch1.8.14
ORmoodlemoodleMatch1.9.1
ORmoodlemoodleMatch1.9.2
ORmoodlemoodleMatch1.9.3
ORmoodlemoodleMatch1.9.4
ORmoodlemoodleMatch1.9.5
ORmoodlemoodleMatch1.9.6
ORmoodlemoodleMatch1.9.7
ORmoodlemoodleMatch1.9.8
ORmoodlemoodleMatch1.9.9
ORmoodlemoodleMatch1.9.10
ORmoodlemoodleMatch1.9.11
ORmoodlemoodleMatch1.9.12
ORmoodlemoodleMatch1.9.13
ORmoodlemoodleMatch1.9.14
ORmoodlemoodleMatch1.9.15
ORmoodlemoodleMatch1.9.16
ORmoodlemoodleMatch1.9.17
ORmoodlemoodleMatch1.9.18
ORmoodlemoodleMatch2.0.0
ORmoodlemoodleMatch2.0.1
ORmoodlemoodleMatch2.0.2
ORmoodlemoodleMatch2.0.3
ORmoodlemoodleMatch2.0.4
ORmoodlemoodleMatch2.0.5
ORmoodlemoodleMatch2.0.6
ORmoodlemoodleMatch2.0.7
ORmoodlemoodleMatch2.0.8
ORmoodlemoodleMatch2.0.9
ORmoodlemoodleMatch2.1.0
ORmoodlemoodleMatch2.1.1
ORmoodlemoodleMatch2.1.2
ORmoodlemoodleMatch2.1.3
ORmoodlemoodleMatch2.1.4
ORmoodlemoodleMatch2.1.5
ORmoodlemoodleMatch2.1.6
ORmoodlemoodleMatch2.1.7
ORmoodlemoodleMatch2.1.8
ORmoodlemoodleMatch2.1.9
ORmoodlemoodleMatch2.1.10
ORmoodlemoodleMatch2.2.0
ORmoodlemoodleMatch2.2.1
ORmoodlemoodleMatch2.2.2
ORmoodlemoodleMatch2.2.3
ORmoodlemoodleMatch2.2.4
ORmoodlemoodleMatch2.2.5
ORmoodlemoodleMatch2.2.6
ORmoodlemoodleMatch2.2.7
ORmoodlemoodleMatch2.2.8
ORmoodlemoodleMatch2.2.9
ORmoodlemoodleMatch2.2.10
ORmoodlemoodleMatch2.3.0
ORmoodlemoodleMatch2.3.1
ORmoodlemoodleMatch2.3.2
ORmoodlemoodleMatch2.3.3
ORmoodlemoodleMatch2.3.4
ORmoodlemoodleMatch2.3.5
ORmoodlemoodleMatch2.3.6
ORmoodlemoodleMatch2.3.7
ORmoodlemoodleMatch2.3.8
ORmoodlemoodleMatch2.3.9
ORmoodlemoodleMatch2.4.0
ORmoodlemoodleMatch2.4.1
ORmoodlemoodleMatch2.4.2
ORmoodlemoodleMatch2.4.3
ORmoodlemoodleMatch2.4.4
ORmoodlemoodleMatch2.4.5
ORmoodlemoodleMatch2.4.6
ORmoodlemoodleMatch2.5.0
ORmoodlemoodleMatch2.5.1
ORmoodlemoodleMatch2.5.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| moodle | moodle | * | cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* |
| moodle | moodle | 1.1.1 | cpe:2.3:a:moodle:moodle:1.1.1:*:*:*:*:*:*:* |
| moodle | moodle | 1.2.0 | cpe:2.3:a:moodle:moodle:1.2.0:*:*:*:*:*:*:* |
| moodle | moodle | 1.2.1 | cpe:2.3:a:moodle:moodle:1.2.1:*:*:*:*:*:*:* |
| moodle | moodle | 1.3.0 | cpe:2.3:a:moodle:moodle:1.3.0:*:*:*:*:*:*:* |
| moodle | moodle | 1.3.1 | cpe:2.3:a:moodle:moodle:1.3.1:*:*:*:*:*:*:* |
| moodle | moodle | 1.3.2 | cpe:2.3:a:moodle:moodle:1.3.2:*:*:*:*:*:*:* |
| moodle | moodle | 1.3.3 | cpe:2.3:a:moodle:moodle:1.3.3:*:*:*:*:*:*:* |
| moodle | moodle | 1.3.4 | cpe:2.3:a:moodle:moodle:1.3.4:*:*:*:*:*:*:* |
| moodle | moodle | 1.4.1 | cpe:2.3:a:moodle:moodle:1.4.1:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2013-4522
2013-11-26 00:00:00
veracode
veracode
Information Disclosure
2017-07-07 09:03:18
cvelist
cvelist
CVE-2013-4522
2013-11-26 02:00:00
nvd
nvd
CVE-2013-4522
2013-11-26 05:25:38
prion
prion
Design/Logic Flaw
2013-11-26 05:25:00
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0356)
2022-01-28 00:00:00
nessus
nessus
mageia
mageia
Updated moodle package fixes security vulnerabilities
2013-12-01 01:24:35
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
Low
EPSS
0.004
Percentile
71.9%
Related for CVE-2013-4522