Lucene search

[email protected]NVD:CVE-2011-4118

HistoryNov 15, 2011 - 3:57 a.m.

CVE-2011-4118

2011-11-1503:57:56

CWE-264

[email protected]

web.nvd.nist.gov

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.9%

JSON

Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target.

Affected configurations

NVD

Node

maharamaharaRange≤1.4.0

maharamaharaMatch0.9.0

maharamaharaMatch0.9.1

maharamaharaMatch0.9.2

maharamaharaMatch1.0.0

maharamaharaMatch1.0.1

maharamaharaMatch1.0.2

maharamaharaMatch1.0.3

maharamaharaMatch1.0.4

maharamaharaMatch1.0.5

maharamaharaMatch1.0.6

maharamaharaMatch1.0.7

maharamaharaMatch1.0.8

maharamaharaMatch1.0.9

maharamaharaMatch1.0.10

maharamaharaMatch1.0.11

maharamaharaMatch1.0.12

maharamaharaMatch1.0.13

maharamaharaMatch1.0.14

maharamaharaMatch1.0.15

maharamaharaMatch1.1

maharamaharaMatch1.1.0

maharamaharaMatch1.1.0alpha1

maharamaharaMatch1.1.0alpha2

maharamaharaMatch1.1.0alpha3

maharamaharaMatch1.1.0beta1

maharamaharaMatch1.1.0beta2

maharamaharaMatch1.1.0beta3

maharamaharaMatch1.1.0beta4

maharamaharaMatch1.1.0rc1

maharamaharaMatch1.1.0rc2

maharamaharaMatch1.1.1

maharamaharaMatch1.1.2

maharamaharaMatch1.1.3

maharamaharaMatch1.1.4

maharamaharaMatch1.1.5

maharamaharaMatch1.1.6

maharamaharaMatch1.1.7

maharamaharaMatch1.1.8

maharamaharaMatch1.1.9

maharamaharaMatch1.2.0

maharamaharaMatch1.2.0alpha1

maharamaharaMatch1.2.0alpha2

maharamaharaMatch1.2.0alpha3

maharamaharaMatch1.2.0beta1

maharamaharaMatch1.2.0beta2

maharamaharaMatch1.2.0beta3

maharamaharaMatch1.2.0beta4

maharamaharaMatch1.2.0rc1

maharamaharaMatch1.2.1

maharamaharaMatch1.2.2

maharamaharaMatch1.2.3

maharamaharaMatch1.2.4

maharamaharaMatch1.2.5

maharamaharaMatch1.2.6

maharamaharaMatch1.3.0

maharamaharaMatch1.3.0beta1

maharamaharaMatch1.3.0beta2

maharamaharaMatch1.3.0beta3

maharamaharaMatch1.3.0beta4

maharamaharaMatch1.3.0rc1

maharamaharaMatch1.3.1

maharamaharaMatch1.3.2

maharamaharaMatch1.3.3

maharamaharaMatch1.3.4

maharamaharaMatch1.3.5

maharamaharaMatch1.3.6

maharamaharaMatch1.3.7

maharamaharaMatch1.4rc1

maharamaharaMatch1.4rc2

maharamaharaMatch1.4rc3

maharamaharaMatch1.4rc4

References

mahara.org/interaction/forum/topic.php?id=4138

openwall.com/lists/oss-security/2011/11/04/10

openwall.com/lists/oss-security/2011/11/04/7

secunia.com/advisories/46719

security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz

www.debian.org/security/2011/dsa-2334

bugs.launchpad.net/mahara/+bug/884223

launchpad.net/mahara/+milestone/1.4.1

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.9%

JSON

Related for NVD:CVE-2011-4118

prion1 cvelist1 cve1 ubuntucve1 openvas1