Lucene search
HistoryNov 26, 2013 - 5:25 a.m.
CVE-2013-4522
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0.004
Percentile
71.9%
lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send “Cache-Control: private” HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy server.
Affected configurations
Node
moodlemoodleRange≤2.2.11
ORmoodlemoodleMatch1.1.1
ORmoodlemoodleMatch1.2.0
ORmoodlemoodleMatch1.2.1
ORmoodlemoodleMatch1.3.0
ORmoodlemoodleMatch1.3.1
ORmoodlemoodleMatch1.3.2
ORmoodlemoodleMatch1.3.3
ORmoodlemoodleMatch1.3.4
ORmoodlemoodleMatch1.4.1
ORmoodlemoodleMatch1.4.2
ORmoodlemoodleMatch1.4.3
ORmoodlemoodleMatch1.4.4
ORmoodlemoodleMatch1.4.5
ORmoodlemoodleMatch1.5
ORmoodlemoodleMatch1.5.0beta
ORmoodlemoodleMatch1.5.1
ORmoodlemoodleMatch1.5.2
ORmoodlemoodleMatch1.5.3
ORmoodlemoodleMatch1.6.0
ORmoodlemoodleMatch1.6.1
ORmoodlemoodleMatch1.6.2
ORmoodlemoodleMatch1.6.3
ORmoodlemoodleMatch1.6.4
ORmoodlemoodleMatch1.6.5
ORmoodlemoodleMatch1.6.6
ORmoodlemoodleMatch1.6.7
ORmoodlemoodleMatch1.6.8
ORmoodlemoodleMatch1.7.1
ORmoodlemoodleMatch1.7.2
ORmoodlemoodleMatch1.7.3
ORmoodlemoodleMatch1.7.4
ORmoodlemoodleMatch1.7.5
ORmoodlemoodleMatch1.7.6
ORmoodlemoodleMatch1.8.1
ORmoodlemoodleMatch1.8.2
ORmoodlemoodleMatch1.8.3
ORmoodlemoodleMatch1.8.4
ORmoodlemoodleMatch1.8.5
ORmoodlemoodleMatch1.8.6
ORmoodlemoodleMatch1.8.7
ORmoodlemoodleMatch1.8.8
ORmoodlemoodleMatch1.8.9
ORmoodlemoodleMatch1.8.10
ORmoodlemoodleMatch1.8.11
ORmoodlemoodleMatch1.8.12
ORmoodlemoodleMatch1.8.13
ORmoodlemoodleMatch1.8.14
ORmoodlemoodleMatch1.9.1
ORmoodlemoodleMatch1.9.2
ORmoodlemoodleMatch1.9.3
ORmoodlemoodleMatch1.9.4
ORmoodlemoodleMatch1.9.5
ORmoodlemoodleMatch1.9.6
ORmoodlemoodleMatch1.9.7
ORmoodlemoodleMatch1.9.8
ORmoodlemoodleMatch1.9.9
ORmoodlemoodleMatch1.9.10
ORmoodlemoodleMatch1.9.11
ORmoodlemoodleMatch1.9.12
ORmoodlemoodleMatch1.9.13
ORmoodlemoodleMatch1.9.14
ORmoodlemoodleMatch1.9.15
ORmoodlemoodleMatch1.9.16
ORmoodlemoodleMatch1.9.17
ORmoodlemoodleMatch1.9.18
ORmoodlemoodleMatch2.0.0
ORmoodlemoodleMatch2.0.1
ORmoodlemoodleMatch2.0.2
ORmoodlemoodleMatch2.0.3
ORmoodlemoodleMatch2.0.4
ORmoodlemoodleMatch2.0.5
ORmoodlemoodleMatch2.0.6
ORmoodlemoodleMatch2.0.7
ORmoodlemoodleMatch2.0.8
ORmoodlemoodleMatch2.0.9
ORmoodlemoodleMatch2.1.0
ORmoodlemoodleMatch2.1.1
ORmoodlemoodleMatch2.1.2
ORmoodlemoodleMatch2.1.3
ORmoodlemoodleMatch2.1.4
ORmoodlemoodleMatch2.1.5
ORmoodlemoodleMatch2.1.6
ORmoodlemoodleMatch2.1.7
ORmoodlemoodleMatch2.1.8
ORmoodlemoodleMatch2.1.9
ORmoodlemoodleMatch2.1.10
ORmoodlemoodleMatch2.2.0
ORmoodlemoodleMatch2.2.1
ORmoodlemoodleMatch2.2.2
ORmoodlemoodleMatch2.2.3
ORmoodlemoodleMatch2.2.4
ORmoodlemoodleMatch2.2.5
ORmoodlemoodleMatch2.2.6
ORmoodlemoodleMatch2.2.7
ORmoodlemoodleMatch2.2.8
ORmoodlemoodleMatch2.2.9
ORmoodlemoodleMatch2.2.10
ORmoodlemoodleMatch2.3.0
ORmoodlemoodleMatch2.3.1
ORmoodlemoodleMatch2.3.2
ORmoodlemoodleMatch2.3.3
ORmoodlemoodleMatch2.3.4
ORmoodlemoodleMatch2.3.5
ORmoodlemoodleMatch2.3.6
ORmoodlemoodleMatch2.3.7
ORmoodlemoodleMatch2.3.8
ORmoodlemoodleMatch2.3.9
ORmoodlemoodleMatch2.4.0
ORmoodlemoodleMatch2.4.1
ORmoodlemoodleMatch2.4.2
ORmoodlemoodleMatch2.4.3
ORmoodlemoodleMatch2.4.4
ORmoodlemoodleMatch2.4.5
ORmoodlemoodleMatch2.4.6
ORmoodlemoodleMatch2.5.0
ORmoodlemoodleMatch2.5.1
ORmoodlemoodleMatch2.5.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| moodle | moodle | * | cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* |
| moodle | moodle | 1.1.1 | cpe:2.3:a:moodle:moodle:1.1.1:*:*:*:*:*:*:* |
| moodle | moodle | 1.2.0 | cpe:2.3:a:moodle:moodle:1.2.0:*:*:*:*:*:*:* |
| moodle | moodle | 1.2.1 | cpe:2.3:a:moodle:moodle:1.2.1:*:*:*:*:*:*:* |
| moodle | moodle | 1.3.0 | cpe:2.3:a:moodle:moodle:1.3.0:*:*:*:*:*:*:* |
| moodle | moodle | 1.3.1 | cpe:2.3:a:moodle:moodle:1.3.1:*:*:*:*:*:*:* |
| moodle | moodle | 1.3.2 | cpe:2.3:a:moodle:moodle:1.3.2:*:*:*:*:*:*:* |
| moodle | moodle | 1.3.3 | cpe:2.3:a:moodle:moodle:1.3.3:*:*:*:*:*:*:* |
| moodle | moodle | 1.3.4 | cpe:2.3:a:moodle:moodle:1.3.4:*:*:*:*:*:*:* |
| moodle | moodle | 1.4.1 | cpe:2.3:a:moodle:moodle:1.4.1:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2013-4522
2013-11-26 05:25:38
ubuntucve
ubuntucve
CVE-2013-4522
2013-11-26 00:00:00
prion
prion
Design/Logic Flaw
2013-11-26 05:25:00
veracode
veracode
Information Disclosure
2017-07-07 09:03:18
cvelist
cvelist
CVE-2013-4522
2013-11-26 02:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0356)
2022-01-28 00:00:00
nessus
nessus
mageia
mageia
Updated moodle package fixes security vulnerabilities
2013-12-01 01:24:35
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0.004
Percentile
71.9%
Related for NVD:CVE-2013-4522