Lucene search

K

PRIOn knowledge basePRION:CVE-2009-4302

HistoryDec 16, 2009 - 1:30 a.m.

Design/Logic Flaw

2009-12-1601:30:00

PRIOn knowledge base

www.prio-n.com

1

6.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.0%

login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.

CPENameOperatorVersion
moodleeq1.9.4
moodleeq1.9.1
moodleeq1.8.8
moodleeq1.9.6
moodleeq1.8.2
moodleeq1.9.2
moodleeq1.8.5
moodleeq1.8.3
moodleeq1.8.9
moodleeq1.8.7

Rows per page:

1-10 of 151

References

docs.moodle.org/en/Moodle_1.8.11_release_notes

docs.moodle.org/en/Moodle_1.9.7_release_notes

moodle.org/mod/forum/discuss.php?d=139107

secunia.com/advisories/37614

www.securityfocus.com/bid/37244

www.vupen.com/english/advisories/2009/3455

www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html

6.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.0%

Related for PRION:CVE-2009-4302

ubuntucve1 cvelist1 cve1 securityvulns2 nessus6 osv1 openvas6 debian1