CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
82.5%
The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, 2.7.x prior to 2.7.3, and all previous releases are exposed to the following vulnerabilities :
A cross-site scripting (XSS) vulnerability affects the script ‘lib/setup.php’. Specifically, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site script to AJAX scripts (although this is unlikely on modern browsers and on most Moodle pages). (MSA-14-0035 / CVE-2014-9059)
A cross-site scripting (XSS) vulnerability exists in the Feedback module. This occurs because the last search string was not escaped in the search input field. Specifically, this affects the ‘$searchcourse’ parameter in the script ‘mod/feedback/mapcourse.php’. (MSA-14-0036 / CVE-2014-7830)
The temporary password generation function ‘generate_password()’ uses an unreasonably short list of possible words to create temporary passwords. (MSA-14-0037 / CVE-2014-7845)
A security bypass flaw exists in ‘mod/lti/launch.php’ which performs access control at the course level rather than at the activity level. This could allow remote authenticated users to bypass the ‘mod/lti:view’ capability requirement by viewing an activity instance. (MSA-14-0039 / CVE-2014-7832)
An information disclosure flaw affects ‘mod/data/edit.php’ because the script sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher. (MSA-14-0040 / CVE-2014-7833)
An access control flaw exists in ‘tag/tag_autocomplete.php’ because the script does not consider the ‘moodle/tag:edit’ capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request. (MSA-14-0041 / CVE-2014-7846)
A denial of service vulnerability exists in the Geo-Map script, ‘iplookup/index.php’. Specifically, the script used to geo-map IP addresses was available to unauthenticated users increasing server load when used by other parties. (MSA-14-0042 / CVE-2014-7847)
Multiple cross-site request forgery (CSRF) vulnerabilities affect the LTI module that allow remote attackers to hijack the authentication of arbitrary users to make a request. Specifically, these flaws exist in ‘mod/lti/request_tool.php’ and ‘mod/lti/instructor_edit_tool_type.php’. (MSA-14-0046 / CVE-2014-7836)
A security-bypass vulnerability exists within the script ‘mod/wiki/admin.php’ because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to delete pages in other Wiki pages by manipulating URLs. (MSA-14-0047 / CVE-2014-7837)
A cross-site request forgery (CSRF) flaw affects the forum tracking toggle function because it lacks a session key check. Specifically, this affects the script ‘mod/forum/settracking.php’. (MSA-14-0048 / CVE-2014-7838)
A flaw exists that could allow a remote attacker to print arbitrary messages to a user session through modifying the URL query string. Specifically, this affects the script ‘mod/lti/return.php’ when loading the LTI module return page. (MSA-14-0049 / CVE-2014-9060)
Binary data 8721.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7830
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7832
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7833
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7836
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7837
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7838
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7845
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7846
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7847
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9059
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9060
moodle.org/security
openwall.com/lists/oss-security/2014/11/17/11
www.nessus.org/u?e73e48cd