Lucene search

K

Ubuntu.comUB:CVE-2012-4407

HistorySep 19, 2012 - 12:00 a.m.

CVE-2012-4407

2012-09-1900:00:00

ubuntu.com

ubuntu.com

8

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.003

Percentile

70.5%

lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x
before 2.3.2 does not properly check the publication state of blog files,
which allows remote attackers to obtain sensitive information by reading a
blog entry that references a non-public file.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687924>

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34585

moodle.org/mod/forum/discuss.php?d=211557

openwall.com/lists/oss-security/2012/09/17/1

launchpad.net/bugs/cve/CVE-2012-4407

nvd.nist.gov/vuln/detail/CVE-2012-4407

security-tracker.debian.org/tracker/CVE-2012-4407

www.cve.org/CVERecord?id=CVE-2012-4407

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.003

Percentile

70.5%

Related for UB:CVE-2012-4407

cve1 nvd1 veracode1 cvelist1 prion1 nessus4 fedora1 openvas2