GitHub Advisory DatabaseGHSA-4W8M-96V9-2C86Moodle CRLF Injection Vulnerability in Calendar Component
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
57.7%
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.
Affected configurations
References
penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle/
github.com/advisories/GHSA-4w8m-96v9-2c86
github.com/moodle/moodle/commit/581e8dba387f090d89382115fd850d8b44351526
github.com/moodle/moodle/commit/ae7cc577b7115a7ad7a68dc4986aca9e2bda2cf5
github.com/moodle/moodle/commit/bc577df6a974606fcb0882b090b00ea5a4e10cf6
github.com/moodle/moodle/commit/e311b14364719b0f7851149ee51c1a4ec732635e
moodle.org/mod/forum/discuss.php?d=191754
nvd.nist.gov/vuln/detail/CVE-2011-4203
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
57.7%