Lucene search
Veracode Vulnerability DatabaseVERACODE:4831HistoryJul 30, 2017 - 10:47 p.m.
Session Hijack
2017-07-3022:47:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Moodle is vulnerable to session hijacking. The web service tokens in MoodleMobile do not expire, this allows attackers to brute-force usable session tokens.
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | le | 2.4.9 | |
| moodle/moodle | le | 2.3.11 | |
| moodle/moodle | le | 2.6.2 | |
| moodle/moodle | le | 2.5.5 |
Related
prion
prion
Code injection
2014-05-27 00:55:00
cvelist
cvelist
CVE-2014-0214
2014-05-27 00:00:00
cve
cve
CVE-2014-0214
2014-05-27 00:55:00
github
github
Moodle creates a MoodleMobile web-service token with an infinite lifetime
2022-05-13 01:12:51
ubuntucve
ubuntucve
CVE-2014-0214
2014-05-27 00:00:00
osv
osv
Moodle creates a MoodleMobile web-service token with an infinite lifetime
2022-05-13 01:12:51
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0230)
2022-01-28 00:00:00
Fedora Update for moodle FEDORA-2014-6585
2014-06-02 00:00:00
Fedora Update for moodle FEDORA-2014-6577
2014-06-02 00:00:00
mageia
mageia
Updated moodle packages fix multiple vulnerabilities
2014-05-19 22:46:11
nessus
nessus
Fedora 19 : moodle-2.4.10-1.fc19 (2014-6577)
2014-05-30 00:00:00
Fedora 20 : moodle-2.5.6-1.fc20 (2014-6585)
2014-05-30 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: moodle-2.5.6-1.fc20
2014-05-29 23:27:45
[SECURITY] Fedora 19 Update: moodle-2.4.10-1.fc19
2014-05-29 23:27:02
[SECURITY] Fedora 20 Update: moodle-2.5.7-1.fc20
2014-07-30 07:03:13
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related for VERACODE:4831