Lucene search

Ubuntu.comUB:CVE-2006-4943

HistorySep 23, 2006 - 12:00 a.m.

CVE-2006-4943

2006-09-2300:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.002

Percentile

61.1%

JSON

course/jumpto.php in Moodle before 1.6.2 does not validate the session key
(sesskey) before providing content from arbitrary local URIs, which allows
remote attackers to obtain sensitive information via the jump parameter.

References

launchpad.net/bugs/cve/CVE-2006-4943

nvd.nist.gov/vuln/detail/CVE-2006-4943

security-tracker.debian.org/tracker/CVE-2006-4943

www.cve.org/CVERecord?id=CVE-2006-4943

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.002

Percentile

61.1%

JSON

Related for UB:CVE-2006-4943