Lucene search

K

[email protected]NVD:CVE-2011-4586

HistoryJul 20, 2012 - 10:40 a.m.

CVE-2011-4586

2012-07-2010:40:35

[email protected]

web.nvd.nist.gov

1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.9%

CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Affected configurations

NVD

Node

moodlemoodleMatch1.9.1

OR

moodlemoodleMatch1.9.2

OR

moodlemoodleMatch1.9.3

OR

moodlemoodleMatch1.9.4

OR

moodlemoodleMatch1.9.5

OR

moodlemoodleMatch1.9.6

OR

moodlemoodleMatch1.9.7

OR

moodlemoodleMatch1.9.8

OR

moodlemoodleMatch1.9.9

OR

moodlemoodleMatch1.9.10

OR

moodlemoodleMatch1.9.11

OR

moodlemoodleMatch1.9.12

OR

moodlemoodleMatch1.9.13

OR

moodlemoodleMatch1.9.14

OR

moodlemoodleMatch2.0.0

OR

moodlemoodleMatch2.0.1

OR

moodlemoodleMatch2.0.2

OR

moodlemoodleMatch2.0.3

OR

moodlemoodleMatch2.0.4

OR

moodlemoodleMatch2.0.5

OR

moodlemoodleMatch2.1.0

OR

moodlemoodleMatch2.1.1

OR

moodlemoodleMatch2.1.2

References

git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=581e8dba387f090d89382115fd850d8b44351526

moodle.org/mod/forum/discuss.php?d=191754

www.debian.org/security/2012/dsa-2421

bugzilla.redhat.com/show_bug.cgi?id=761248

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.9%

Related for NVD:CVE-2011-4586

prion1 ubuntucve1 cve1 cvelist1 nessus3 openvas6 securityvulns2 debian1 osv1