Mahara Multiple Remote Vulnerabilities include executing arbitrary code, stealing credentials, disclosing sensitive information, and bypassing security. Impacting Mahara versions prior to 1.3.6. Requires update to Mahara version 1.3.6 or later. Host running Mahara prone to remote vulnerabilities
Reporter | Title | Published | Views | Family All 34 |
---|---|---|---|---|
![]() | [SECURITY] [DSA 2246-1] mahara security update | 29 May 201111:48 | – | debian |
![]() | [SECURITY] [DSA 2246-1] mahara security update | 29 May 201111:48 | – | debian |
![]() | Mahara Multiple Remote Vulnerabilities | 23 May 201100:00 | – | openvas |
![]() | Debian: Security Advisory (DSA-2246-1) | 3 Aug 201100:00 | – | openvas |
![]() | Debian Security Advisory DSA 2246-1 (mahara) | 3 Aug 201100:00 | – | openvas |
![]() | Debian DSA-2246-1 : mahara - several vulnerabilities | 10 Jun 201100:00 | – | nessus |
![]() | [SECURITY] [DSA 2246-1] mahara security update | 30 May 201100:00 | – | securityvulns |
![]() | Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 2 Jun 201100:00 | – | securityvulns |
![]() | mahara - several vulnerabilities | 29 May 201100:00 | – | osv |
![]() | CVE-2011-1403 | 13 May 201122:55 | – | cve |
Source | Link |
---|---|
launchpad | www.launchpad.net/mahara/+milestone/1.3.6 |
secunia | www.secunia.com/advisories/44433 |
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_mahara_mult_vuln.nasl 7029 2017-08-31 11:51:40Z teissa $
#
# Mahara Multiple Remote Vulnerabilities
#
# Authors:
# Sooraj KS <[email protected]>
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
tag_impact = "Successful exploitation will allow attackers to execute arbitrary script
code in the browser of an unsuspecting user in the context of the affected
site, steal cookie-based authentication credentials, disclose or modify
sensitive information, or perform certain administrative actions and bypass
security restrictions.
Impact Level: Application";
tag_affected = "Mahara version prior to 1.3.6";
tag_insight = "- An error in artefact/plans/viewtasks.json.php, artefact/blog/posts.json.php,
and blocktype/myfriends/myfriends.json.php when checking a user's permission
can be exploited to access restricted views.
- An error in view/newviewtoken.json.php, artefact/plans/tasks.json.php, and
artefact/blog/view/index.json.php when checking a user's permission can be
exploited to edit restricted views.
- An error in admin/users/search.json.php due to the 'INSTITUTIONALADMIN'
permission not being checked can be exploited to search and suspend other
users.
- The application allows users to perform certain actions via HTTP requests
without performing any validity checks to verify the requests. This can be
exploited to create an arbitrary user with administrative privileges if a
logged-in administrative user visits a malicious web site.
- Input passed via certain email fields as a result of forum posts and view
feedback notifications is not properly sanitised in artefact/comment/lib.php
and interaction/forum/lib.php before being used.
- Improper handling of an https URL in the wwwroot configuration setting,
allows user-assisted remote attackers to obtain credentials by sniffing
the network at a time when an http URL is used for a login.";
tag_solution = "Upgrade to Mahara version 1.3.6 or later.
For updates refer to http://mahara.org/";
tag_summary = "This host is running Mahara and is prone to multiple remote
vulnerabilities.";
if(description)
{
script_id(801889);
script_version("$Revision: 7029 $");
script_tag(name:"last_modification", value:"$Date: 2017-08-31 13:51:40 +0200 (Thu, 31 Aug 2017) $");
script_tag(name:"creation_date", value:"2011-05-23 15:31:07 +0200 (Mon, 23 May 2011)");
script_bugtraq_id(47798);
script_cve_id("CVE-2011-1402", "CVE-2011-1403", "CVE-2011-1404",
"CVE-2011-1405", "CVE-2011-1406");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_name("Mahara Multiple Remote Vulnerabilities");
script_xref(name : "URL" , value : "http://secunia.com/advisories/44433");
script_xref(name : "URL" , value : "https://launchpad.net/mahara/+milestone/1.3.6");
script_tag(name:"qod_type", value:"remote_banner");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
script_family("Web application abuses");
script_dependencies("secpod_mahara_detect.nasl");
script_require_ports("Services/www", 80);
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
exit(0);
}
include("http_func.inc");
include("version_func.inc");
## Get HTTP Port
port = get_http_port(default:80);
if(!port){
exit(0);
}
## Check Host Supports PHP
if(!can_host_php(port:port)){
exit(0);
}
## Get Mahara version from KB
if(vers = get_version_from_kb(port:port, app:"Mahara"))
{
if(version_is_less(version: vers, test_version: "1.3.6")) {
security_message(port:port);
}
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo