Lucene search
Ubuntu.comUB:CVE-2007-1647HistoryMar 24, 2007 - 12:00 a.m.
CVE-2007-1647
2007-03-2400:00:00
ubuntu.com
ubuntu.com
4
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
0.027 Low
EPSS
Percentile
90.4%
Moodle 1.5.2 and earlier stores sensitive information under the web root
with insufficient access control, and provides directory listings, which
allows remote attackers to obtain user names, password hashes, and other
sensitive information via a direct request for session (sess_*) files in
moodledata/sessions/.
Related
nessus
nessus
Moodle 'moodledata/sessions' Session Files Remote Information Disclosure
2007-03-23 00:00:00
cve
cve
CVE-2007-1647
2007-03-24 00:19:00
prion
prion
Improper access control
2007-03-24 00:19:00
securityvulns
securityvulns
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
0.027 Low
EPSS
Percentile
90.4%
Related for UB:CVE-2007-1647