Lucene search

[email protected]NVD:CVE-2009-4303

HistoryDec 16, 2009 - 1:30 a.m.

CVE-2009-4303

2009-12-1601:30:00

CWE-200

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.9%

JSON

Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified “secrets” in backup files, which might allow attackers to obtain sensitive information.

Affected configurations

NVD

Node

moodlemoodleMatch1.8.1

moodlemoodleMatch1.8.2

moodlemoodleMatch1.8.3

moodlemoodleMatch1.8.4

moodlemoodleMatch1.8.5

moodlemoodleMatch1.8.7

moodlemoodleMatch1.8.8

moodlemoodleMatch1.8.9

moodlemoodleMatch1.8.10

moodlemoodleMatch1.9.1

moodlemoodleMatch1.9.2

moodlemoodleMatch1.9.3

moodlemoodleMatch1.9.4

moodlemoodleMatch1.9.5

moodlemoodleMatch1.9.6

References

docs.moodle.org/en/Moodle_1.8.11_release_notes

docs.moodle.org/en/Moodle_1.9.7_release_notes

moodle.org/mod/forum/discuss.php?d=139110

secunia.com/advisories/37614

www.securityfocus.com/bid/37244

www.vupen.com/english/advisories/2009/3455

www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.9%

JSON

Related for NVD:CVE-2009-4303

cve1 prion1 cvelist1 ubuntucve1 nessus6 osv1 securityvulns2 debian1 openvas6