Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2015-4724.NASL
HistoryApr 07, 2015 - 12:00 a.m.

Fedora 21 : moodle-2.7.7-1.fc21 (2015-4724)

2015-04-0700:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

Update to latest versions of the respective branches. f20 has been updated from 2.5.x to 2.6.x because 2.5.x is EOL.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2015-4724.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82610);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2015-1493", "CVE-2015-2266", "CVE-2015-2267", "CVE-2015-2268", "CVE-2015-2269", "CVE-2015-2270", "CVE-2015-2271", "CVE-2015-2272", "CVE-2015-2273");
  script_xref(name:"FEDORA", value:"2015-4724");

  script_name(english:"Fedora 21 : moodle-2.7.7-1.fc21 (2015-4724)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Update to latest versions of the respective branches. f20 has been
updated from 2.5.x to 2.6.x because 2.5.x is EOL.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1190119"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1203203"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1203205"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154281.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?31ff9858"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected moodle package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:moodle");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/07");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC21", reference:"moodle-2.7.7-1.fc21")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moodle");
}
VendorProductVersionCPE
fedoraprojectfedoramoodlep-cpe:/a:fedoraproject:fedora:moodle
fedoraprojectfedora21cpe:/o:fedoraproject:fedora:21

Related

nessus 3
fedora 3
openvas 3
mageia 2
prion 9
ubuntucve 9
cve 10
veracode 9
osv 9
github 9
exploitpack 1
packetstorm 1
zdt 1
zeroscience 1
exploitdb 1
nessus
nessus
Fedora 22 : moodle-2.8.5-1.fc22 (2015-4613)
2015-04-22 00:00:00
Fedora 20 : moodle-2.6.10-1.fc20 (2015-4530)
2015-04-07 00:00:00
Moodle < 2.6 / 2.6.x < 2.6.9 / 2.7.x < 2.7.6 / 2.8.x < 2.8.4 Multiple Vulnerabilities
2015-04-21 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: moodle-2.8.5-1.fc22
2015-04-21 18:26:37
[SECURITY] Fedora 21 Update: moodle-2.7.7-1.fc21
2015-04-05 14:33:57
[SECURITY] Fedora 20 Update: moodle-2.6.10-1.fc20
2015-04-05 14:29:57
openvas
openvas
Fedora Update for moodle FEDORA-2015-4613
2015-07-07 00:00:00
Fedora Update for moodle FEDORA-2015-4724
2015-04-06 00:00:00
Fedora Update for moodle FEDORA-2015-4530
2015-04-06 00:00:00
mageia
mageia
Updated moodle packages fix security vulnerabilities
2015-03-19 02:01:47
Updated moodle packages fix CVE-2015-1493
2015-02-10 00:44:14
prion
prion
Cross site scripting
2015-06-01 19:59:00
Design/Logic Flaw
2015-06-01 19:59:00
Design/Logic Flaw
2015-06-01 19:59:00
ubuntucve
ubuntucve
CVE-2015-2273
2015-06-01 00:00:00
CVE-2015-2272
2015-06-01 00:00:00
CVE-2015-2267
2015-06-01 00:00:00
cve
cve
CVE-2015-2272
2015-06-01 19:59:00
CVE-2015-2273
2015-06-01 19:59:00
CVE-2015-2271
2015-06-01 19:59:00
veracode
veracode
Cross-site Scripting (XSS)
2017-07-27 19:28:02
Force-Password-Change Bypass
2017-07-27 01:41:08
Regular Expression Denial Of Service (ReDoS)
2017-07-27 02:22:06
osv
osv
Moodle cross-site scripting (XSS) vulnerability
2022-05-13 01:12:45
Moodle allows attackers to cause a denial of service
2022-05-13 01:12:45
Moodle allows attackers to bypass a forced-password-change requirement
2022-05-13 01:12:45
github
github
Moodle cross-site scripting (XSS) vulnerability
2022-05-13 01:12:45
Moodle allows attackers to cause a denial of service
2022-05-13 01:12:45
Moodle allows attackers to extract archives to arbitrary directories
2022-05-13 01:12:45
exploitpack
exploitpack
Moodle 2.5.92.6.82.7.52.8.3 - Block Title Handler Cross-Site Scripting
2015-03-17 00:00:00
packetstorm
packetstorm
Moodle 2.5.9 / 2.6.8 / 2.7.5 / 2.8.3 Cross Site Scripting
2015-03-17 00:00:00
zdt
zdt
Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting Vulnerability
2015-03-20 00:00:00
zeroscience
zeroscience
Moodle 2.5.9/2.6.8/2.7.5/2.8.3 Block Title Handler Cross-Site Scripting
2015-03-16 00:00:00
exploitdb
exploitdb
Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting
2015-03-17 00:00:00
JSON
Related for FEDORA_2015-4724.NASL
nessus3fedora3openvas3mageia2prion9ubuntucve9cve10veracode9osv9github9exploitpack1packetstorm1zdt1zeroscience1exploitdb1