Lucene search

MitreCVE-2011-1406

HistoryMay 13, 2011 - 10:55 p.m.

CVE-2011-1406

2011-05-1322:55:01

CWE-16

mitre

web.nvd.nist.gov

mahara

cve-2011-1406

https

url

configuration setting

sniffing

network security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

71.5%

JSON

Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.

Affected configurations

Nvd

Node

maharamaharaRange≤1.3.5

maharamaharaMatch0.9.0

maharamaharaMatch0.9.1

maharamaharaMatch0.9.2

maharamaharaMatch1.0.0

maharamaharaMatch1.0.1

maharamaharaMatch1.0.2

maharamaharaMatch1.0.3

maharamaharaMatch1.0.4

maharamaharaMatch1.0.5

maharamaharaMatch1.0.6

maharamaharaMatch1.0.7

maharamaharaMatch1.0.8

maharamaharaMatch1.0.9

maharamaharaMatch1.0.10

maharamaharaMatch1.0.11

maharamaharaMatch1.0.12

maharamaharaMatch1.0.13

maharamaharaMatch1.0.14

maharamaharaMatch1.0.15

maharamaharaMatch1.1

maharamaharaMatch1.1.0

maharamaharaMatch1.1.0alpha1

maharamaharaMatch1.1.0alpha2

maharamaharaMatch1.1.0alpha3

maharamaharaMatch1.1.0beta1

maharamaharaMatch1.1.0beta2

maharamaharaMatch1.1.0beta3

maharamaharaMatch1.1.0beta4

maharamaharaMatch1.1.0rc1

maharamaharaMatch1.1.0rc2

maharamaharaMatch1.1.1

maharamaharaMatch1.1.2

maharamaharaMatch1.1.3

maharamaharaMatch1.1.4

maharamaharaMatch1.1.5

maharamaharaMatch1.1.6

maharamaharaMatch1.1.7

maharamaharaMatch1.1.8

maharamaharaMatch1.1.9

maharamaharaMatch1.2.0

maharamaharaMatch1.2.0alpha1

maharamaharaMatch1.2.0alpha2

maharamaharaMatch1.2.0alpha3

maharamaharaMatch1.2.0beta1

maharamaharaMatch1.2.0beta2

maharamaharaMatch1.2.0beta3

maharamaharaMatch1.2.0beta4

maharamaharaMatch1.2.0rc1

maharamaharaMatch1.2.1

maharamaharaMatch1.2.2

maharamaharaMatch1.2.3

maharamaharaMatch1.2.4

maharamaharaMatch1.2.5

maharamaharaMatch1.2.6

maharamaharaMatch1.3.0

maharamaharaMatch1.3.0beta1

maharamaharaMatch1.3.0beta2

maharamaharaMatch1.3.0beta3

maharamaharaMatch1.3.0beta4

maharamaharaMatch1.3.0rc1

maharamaharaMatch1.3.1

maharamaharaMatch1.3.2

maharamaharaMatch1.3.3

maharamaharaMatch1.3.4

VendorProductVersionCPE
maharamahara*cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
maharamahara0.9.0cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*
maharamahara0.9.1cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*
maharamahara0.9.2cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*
maharamahara1.0.0cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*
maharamahara1.0.1cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*
maharamahara1.0.2cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*
maharamahara1.0.3cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*
maharamahara1.0.4cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*
maharamahara1.0.5cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mahara	mahara	*	cpe:2.3:a:mahara:mahara::::::::
mahara	mahara	0.9.0	cpe:2.3:a:mahara:mahara:0.9.0:::::::*
mahara	mahara	0.9.1	cpe:2.3:a:mahara:mahara:0.9.1:::::::*
mahara	mahara	0.9.2	cpe:2.3:a:mahara:mahara:0.9.2:::::::*
mahara	mahara	1.0.0	cpe:2.3:a:mahara:mahara:1.0.0:::::::*
mahara	mahara	1.0.1	cpe:2.3:a:mahara:mahara:1.0.1:::::::*
mahara	mahara	1.0.2	cpe:2.3:a:mahara:mahara:1.0.2:::::::*
mahara	mahara	1.0.3	cpe:2.3:a:mahara:mahara:1.0.3:::::::*
mahara	mahara	1.0.4	cpe:2.3:a:mahara:mahara:1.0.4:::::::*
mahara	mahara	1.0.5	cpe:2.3:a:mahara:mahara:1.0.5:::::::*