Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2009-4302
HistoryDec 16, 2009 - 1:30 a.m.

CVE-2009-4302

2009-12-1601:30:00
CWE-310
mitre
web.nvd.nist.gov
34
cve-2009-4302
moodle
login form
http port
https
credentials leakage
ssl
remote attackers
sniffing

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.005

Percentile

77.6%

JSON

login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.

Affected configurations

Nvd
Node
moodlemoodleMatch1.8.1
OR
moodlemoodleMatch1.8.2
OR
moodlemoodleMatch1.8.3
OR
moodlemoodleMatch1.8.4
OR
moodlemoodleMatch1.8.5
OR
moodlemoodleMatch1.8.7
OR
moodlemoodleMatch1.8.8
OR
moodlemoodleMatch1.8.9
OR
moodlemoodleMatch1.8.10
OR
moodlemoodleMatch1.9.1
OR
moodlemoodleMatch1.9.2
OR
moodlemoodleMatch1.9.3
OR
moodlemoodleMatch1.9.4
OR
moodlemoodleMatch1.9.5
OR
moodlemoodleMatch1.9.6
VendorProductVersionCPE
moodlemoodle1.8.1cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*
moodlemoodle1.8.2cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*
moodlemoodle1.8.3cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*
moodlemoodle1.8.4cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*
moodlemoodle1.8.5cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*
moodlemoodle1.8.7cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*
moodlemoodle1.8.8cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*
moodlemoodle1.8.9cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*
moodlemoodle1.8.10cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*
moodlemoodle1.9.1cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*
Rows per page:
1-10 of 151

Related

ubuntucve 1
prion 1
nvd 1
cvelist 1
nessus 6
osv 1
securityvulns 2
openvas 6
debian 1
ubuntucve
ubuntucve
CVE-2009-4302
2009-12-16 00:00:00
prion
prion
Design/Logic Flaw
2009-12-16 01:30:00
nvd
nvd
CVE-2009-4302
2009-12-16 01:30:00
cvelist
cvelist
CVE-2009-4302
2009-12-16 01:00:00
nessus
nessus
Debian DSA-1986-1 : moodle - several vulnerabilities
2010-02-24 00:00:00
openSUSE Security Update : moodle (moodle-1933)
2010-02-15 00:00:00
openSUSE Security Update : moodle (moodle-1933)
2010-02-15 00:00:00
osv
osv
moodle - several vulnerabilities
2010-02-02 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1986-1] New moodle packages fix several vulnerabilities
2010-02-04 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2010-02-04 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1986-1)
2010-02-10 00:00:00
Debian Security Advisory DSA 1986-1 (moodle)
2010-02-10 00:00:00
Fedora Core 11 FEDORA-2009-13080 (moodle)
2009-12-14 00:00:00
debian
debian
[SECURITY] [DSA 1986-1] New moodle packages fix several vulnerabilities
2010-02-02 19:16:23

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.005

Percentile

77.6%

JSON
Related for CVE-2009-4302
ubuntucve1prion1nvd1cvelist1nessus6osv1securityvulns2openvas6debian1