Executive Summary
Summary | |
---|---|
Title | Moodle vulnerability |
Informations | |||
---|---|---|---|
Name | USN-658-1 | First vendor Publication | 2008-10-23 |
Vendor | Ubuntu | Last vendor Modification | 2008-10-23 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: Ubuntu 8.04 LTS: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Lukasz Pilorz discovered that the HTML filtering used in Moodle was not strict enough. A remote attacker could send malicious requests to Moodle and execute arbitrary code as the web server user. |
Original Source
Url : http://www.ubuntu.com/usn/USN-658-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17657 | |||
Oval ID: | oval:org.mitre.oval:def:17657 | ||
Title: | USN-658-1 -- moodle vulnerability | ||
Description: | Lukasz Pilorz discovered that the HTML filtering used in Moodle was not strict enough. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-658-1 CVE-2008-1502 | Version: | 7 |
Platform(s): | Ubuntu 7.10 Ubuntu 8.04 | Product(s): | moodle |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-19 | Name : Mandrake Security Advisory MDVSA-2009:265 (egroupware) File : nvt/mdksa_2009_265.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1871-1 (wordpress) File : nvt/deb_1871_1.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1871-2 (wordpress) File : nvt/deb_1871_2.nasl |
2009-06-05 | Name : Ubuntu USN-698-1 (nagios) File : nvt/ubuntu_698_1.nasl |
2009-03-23 | Name : Ubuntu Update for moodle vulnerability USN-658-1 File : nvt/gb_ubuntu_USN_658_1.nasl |
2009-02-17 | Name : Fedora Update for moodle FEDORA-2008-6226 File : nvt/gb_fedora_2008_6226_moodle_fc8.nasl |
2008-12-29 | Name : Debian Security Advisory DSA 1691-1 (moodle) File : nvt/deb_1691_1.nasl |
2008-12-29 | Name : Ubuntu USN-698-2 (nagios3) File : nvt/ubuntu_698_2.nasl |
2008-12-29 | Name : Ubuntu USN-699-1 (blender) File : nvt/ubuntu_699_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-04 (egroupware) File : nvt/glsa_200805_04.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43677 | KSES class.kses.inc.php _bad_protocol_once() Function HTML Filter Bypass |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1871.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-658-1.nasl - Type : ACT_GATHER_INFO |
2008-12-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1691.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : The remote openSUSE host is missing a security update. File : suse_moodle-5439.nasl - Type : ACT_GATHER_INFO |
2008-07-10 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6226.nasl - Type : ACT_GATHER_INFO |
2008-05-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-04.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:05:21 |
|