Lucene search

[email protected]NVD:CVE-2009-4297

HistoryDec 16, 2009 - 1:30 a.m.

CVE-2009-4297

2009-12-1601:30:00

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.3%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Affected configurations

NVD

Node

moodlemoodleMatch1.8.1

moodlemoodleMatch1.8.2

moodlemoodleMatch1.8.3

moodlemoodleMatch1.8.4

moodlemoodleMatch1.8.5

moodlemoodleMatch1.8.7

moodlemoodleMatch1.8.8

moodlemoodleMatch1.8.9

moodlemoodleMatch1.8.10

moodlemoodleMatch1.9.1

moodlemoodleMatch1.9.2

moodlemoodleMatch1.9.3

moodlemoodleMatch1.9.4

moodlemoodleMatch1.9.5

moodlemoodleMatch1.9.6

References

docs.moodle.org/en/Moodle_1.8.11_release_notes

docs.moodle.org/en/Moodle_1.9.7_release_notes

moodle.org/mod/forum/discuss.php?d=139100

secunia.com/advisories/37614

www.securityfocus.com/bid/37244

www.vupen.com/english/advisories/2009/3455

www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.3%

JSON

Related for NVD:CVE-2009-4297

cvelist1 prion1 openvas8 ubuntucve1 cve1 securityvulns2 nessus6 osv1 debian1