ID CVE-2014-3543 Type cve Reporter NVD Modified 2014-07-29T14:06:01
Description
mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format.
{"title": "CVE-2014-3543", "reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310868053", "OPENVAS:1361412562310868521", "OPENVAS:1361412562310868199", "OPENVAS:1361412562310869172", "OPENVAS:1361412562310868049"]}], "modified": "2016-09-03T20:28:05"}, "vulnersScore": 5.0}, "published": "2014-07-29T07:10:31", "cvelist": ["CVE-2014-3543"], "hash": "3ab271713660966ae3198cd7af5baf63171e9af77f872b6c3b7fe5ccfe255414", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3543", "bulletinFamily": "NVD", "id": "CVE-2014-3543", "history": [], "scanner": [], "cpe": ["cpe:/a:moodle:moodle:2.3.2", "cpe:/a:moodle:moodle:2.3.3", "cpe:/a:moodle:moodle:2.3.8", "cpe:/a:moodle:moodle:2.4.8", "cpe:/a:moodle:moodle:2.4.5", "cpe:/a:moodle:moodle:2.7", "cpe:/a:moodle:moodle:2.4.2", "cpe:/a:moodle:moodle:2.4.4", "cpe:/a:moodle:moodle:2.6.2", "cpe:/a:moodle:moodle:2.3.6", "cpe:/a:moodle:moodle:2.3", "cpe:/a:moodle:moodle:2.4.9", "cpe:/a:moodle:moodle:2.3.1", "cpe:/a:moodle:moodle:2.5.6", "cpe:/a:moodle:moodle:2.4.1", "cpe:/a:moodle:moodle:2.5", "cpe:/a:moodle:moodle:2.3.11", "cpe:/a:moodle:moodle:2.3.10", "cpe:/a:moodle:moodle:2.5.5", "cpe:/a:moodle:moodle:2.5.2", "cpe:/a:moodle:moodle:2.3.5", "cpe:/a:moodle:moodle:2.6.3", "cpe:/a:moodle:moodle:2.4.10", "cpe:/a:moodle:moodle:2.4.7", "cpe:/a:moodle:moodle:2.5.4", "cpe:/a:moodle:moodle:2.5.3", "cpe:/a:moodle:moodle:2.5.1", "cpe:/a:moodle:moodle:2.4.3", "cpe:/a:moodle:moodle:2.3.4", "cpe:/a:moodle:moodle:2.4.6", "cpe:/a:moodle:moodle:2.4", "cpe:/a:moodle:moodle:2.6.1", "cpe:/a:moodle:moodle:2.6", "cpe:/a:moodle:moodle:2.3.7", "cpe:/a:moodle:moodle:2.3.9"], "modified": "2014-07-29T14:06:01", "viewCount": 1, "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/", "score": 4.3}, "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "references": ["https://moodle.org/mod/forum/discuss.php?d=264264", "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45417", "http://openwall.com/lists/oss-security/2014/07/21/1"], "lastseen": "2016-09-03T20:28:05", "description": "mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format."}
{"openvas": [{"lastseen": "2018-09-01T23:53:50", "bulletinFamily": "scanner", "description": "Check the version of moodle", "modified": "2017-07-19T00:00:00", "published": "2014-11-26T00:00:00", "id": "OPENVAS:1361412562310868521", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868521", "title": "Fedora Update for moodle FEDORA-2014-15102", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moodle FEDORA-2014-15102\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868521\");\n script_version(\"$Revision: 6759 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-19 11:56:33 +0200 (Wed, 19 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-26 06:44:08 +0100 (Wed, 26 Nov 2014)\");\n script_cve_id(\"CVE-2014-3541\", \"CVE-2014-3542\", \"CVE-2014-3543\", \"CVE-2014-3544\",\n \"CVE-2014-3545\", \"CVE-2014-3546\", \"CVE-2014-3547\", \"CVE-2014-3548\",\n \"CVE-2014-3549\", \"CVE-2014-3550\", \"CVE-2014-3551\", \"CVE-2014-3552\",\n \"CVE-2014-3553\", \"CVE-2014-0213\", \"CVE-2014-0214\", \"CVE-2014-0215\",\n \"CVE-2014-0216\", \"CVE-2014-0217\", \"CVE-2014-0218\", \"CVE-2014-0122\",\n \"CVE-2014-0123\", \"CVE-2014-0124\", \"CVE-2014-0125\", \"CVE-2014-0126\",\n \"CVE-2014-0127\", \"CVE-2014-0129\", \"CVE-2014-0008\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for moodle FEDORA-2014-15102\");\n script_tag(name: \"summary\", value: \"Check the version of moodle\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Moodle is a course management system (CMS) - a free, Open Source software\npackage designed using sound pedagogical principles, to help educators create\neffective online learning communities.\n\");\n script_tag(name: \"affected\", value: \"moodle on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name: \"FEDORA\", value: \"2014-15102\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-November/144901.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~2.5.9~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:52", "bulletinFamily": "scanner", "description": "Check for the Version of moodle", "modified": "2018-04-06T00:00:00", "published": "2014-08-05T00:00:00", "id": "OPENVAS:1361412562310868053", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868053", "title": "Fedora Update for moodle FEDORA-2014-8601", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moodle FEDORA-2014-8601\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868053\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-05 16:42:34 +0530 (Tue, 05 Aug 2014)\");\n script_cve_id(\"CVE-2014-3541\", \"CVE-2014-3542\", \"CVE-2014-3543\", \"CVE-2014-3544\",\n \"CVE-2014-3545\", \"CVE-2014-3546\", \"CVE-2014-3547\", \"CVE-2014-3548\",\n \"CVE-2014-3549\", \"CVE-2014-3550\", \"CVE-2014-3551\", \"CVE-2014-3552\",\n \"CVE-2014-3553\", \"CVE-2014-0213\", \"CVE-2014-0214\", \"CVE-2014-0215\",\n \"CVE-2014-0216\", \"CVE-2014-0217\", \"CVE-2014-0218\", \"CVE-2014-0122\",\n \"CVE-2014-0123\", \"CVE-2014-0124\", \"CVE-2014-0125\", \"CVE-2014-0126\",\n \"CVE-2014-0127\", \"CVE-2014-0129\", \"CVE-2014-0008\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for moodle FEDORA-2014-8601\");\n\n tag_insight = \"Moodle is a course management system (CMS) - a free, Open Source software\npackage designed using sound pedagogical principles, to help educators create\neffective online learning communities.\n\";\n\n tag_affected = \"moodle on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-8601\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-July/136159.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of moodle\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~2.5.7~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:10", "bulletinFamily": "scanner", "description": "Check for the Version of moodle", "modified": "2018-04-06T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868199", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868199", "title": "Fedora Update for moodle FEDORA-2014-10802", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moodle FEDORA-2014-10802\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868199\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:58:29 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-3541\", \"CVE-2014-3542\", \"CVE-2014-3543\", \"CVE-2014-3544\",\n \"CVE-2014-3545\", \"CVE-2014-3546\", \"CVE-2014-3547\", \"CVE-2014-3548\",\n \"CVE-2014-3549\", \"CVE-2014-3550\", \"CVE-2014-3551\", \"CVE-2014-3552\",\n \"CVE-2014-3553\", \"CVE-2014-0213\", \"CVE-2014-0214\", \"CVE-2014-0215\",\n \"CVE-2014-0216\", \"CVE-2014-0217\", \"CVE-2014-0218\", \"CVE-2014-0122\",\n \"CVE-2014-0123\", \"CVE-2014-0124\", \"CVE-2014-0125\", \"CVE-2014-0126\",\n \"CVE-2014-0127\", \"CVE-2014-0129\", \"CVE-2014-0008\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for moodle FEDORA-2014-10802\");\n script_tag(name: \"insight\", value: \"Moodle is a course management system (CMS) - a free, Open Source software\npackage designed using sound pedagogical principles, to help educators create\neffective online learning communities.\n\");\n script_tag(name: \"affected\", value: \"moodle on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name: \"FEDORA\", value: \"2014-10802\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138674.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of moodle\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~2.5.8~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:01", "bulletinFamily": "scanner", "description": "Check the version of moodle", "modified": "2017-07-10T00:00:00", "published": "2015-04-06T00:00:00", "id": "OPENVAS:1361412562310869172", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869172", "title": "Fedora Update for moodle FEDORA-2015-4530", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moodle FEDORA-2015-4530\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869172\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-06 07:13:30 +0200 (Mon, 06 Apr 2015)\");\n script_cve_id(\"CVE-2014-3541\", \"CVE-2014-3542\", \"CVE-2014-3543\", \"CVE-2014-3544\",\n \"CVE-2014-3545\", \"CVE-2014-3546\", \"CVE-2014-3547\", \"CVE-2014-3548\",\n \"CVE-2014-3549\", \"CVE-2014-3550\", \"CVE-2014-3551\", \"CVE-2014-3552\",\n \"CVE-2014-3553\", \"CVE-2014-0213\", \"CVE-2014-0214\", \"CVE-2014-0215\",\n \"CVE-2014-0216\", \"CVE-2014-0217\", \"CVE-2014-0218\", \"CVE-2014-0122\",\n \"CVE-2014-0123\", \"CVE-2014-0124\", \"CVE-2014-0125\", \"CVE-2014-0126\",\n \"CVE-2014-0127\", \"CVE-2014-0129\", \"CVE-2014-0008\", \"CVE-2015-2269\",\n \"CVE-2015-2268\", \"CVE-2015-2267\", \"CVE-2015-2266\", \"CVE-2015-2272\",\n \"CVE-2015-2273\", \"CVE-2015-2270\", \"CVE-2015-2271\", \"CVE-2015-1493\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for moodle FEDORA-2015-4530\");\n script_tag(name: \"summary\", value: \"Check the version of moodle\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Moodle is a course management system (CMS) -\na free, Open Source software package designed using sound pedagogical principles,\nto help educators create effective online learning communities.\n\");\n script_tag(name: \"affected\", value: \"moodle on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-4530\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154251.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~2.6.10~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:06", "bulletinFamily": "scanner", "description": "Check for the Version of moodle", "modified": "2018-04-06T00:00:00", "published": "2014-08-05T00:00:00", "id": "OPENVAS:1361412562310868049", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868049", "title": "Fedora Update for moodle FEDORA-2014-8609", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moodle FEDORA-2014-8609\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868049\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-05 16:40:42 +0530 (Tue, 05 Aug 2014)\");\n script_cve_id(\"CVE-2014-3541\", \"CVE-2014-3542\", \"CVE-2014-3543\", \"CVE-2014-3544\",\n \"CVE-2014-3545\", \"CVE-2014-3546\", \"CVE-2014-3547\", \"CVE-2014-3548\",\n \"CVE-2014-3549\", \"CVE-2014-3550\", \"CVE-2014-3551\", \"CVE-2014-3552\",\n \"CVE-2014-3553\", \"CVE-2014-0213\", \"CVE-2014-0214\", \"CVE-2014-0215\",\n \"CVE-2014-0216\", \"CVE-2014-0217\", \"CVE-2014-0218\", \"CVE-2014-0122\",\n \"CVE-2014-0123\", \"CVE-2014-0124\", \"CVE-2014-0125\", \"CVE-2014-0126\",\n \"CVE-2014-0127\", \"CVE-2014-0129\", \"CVE-2014-0008\", \"CVE-2012-6087\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for moodle FEDORA-2014-8609\");\n\n tag_insight = \"Moodle is a course management system (CMS) - a free, Open Source software\npackage designed using sound pedagogical principles, to help educators create\neffective online learning communities.\n\";\n\n tag_affected = \"moodle on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-8609\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-July/136148.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of moodle\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~2.4.11~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
