CVE-2011-4586

CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=581e8dba387f090d89382115fd850d8b44351526
http://moodle.org/mod/forum/discuss.php?d=191754	Vendor Advisory
http://www.debian.org/security/2012/dsa-2421
https://bugzilla.redhat.com/show_bug.cgi?id=761248

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle:1.9.1:::::::*
	cpe:2.3:a:moodle:moodle:1.9.2:::::::*
	cpe:2.3:a:moodle:moodle:1.9.3:::::::*
	cpe:2.3:a:moodle:moodle:1.9.4:::::::*
	cpe:2.3:a:moodle:moodle:1.9.5:::::::*
	cpe:2.3:a:moodle:moodle:1.9.6:::::::*
	cpe:2.3:a:moodle:moodle:1.9.7:::::::*
	cpe:2.3:a:moodle:moodle:1.9.8:::::::*
	cpe:2.3:a:moodle:moodle:1.9.9:::::::*
	cpe:2.3:a:moodle:moodle:1.9.10:::::::*
	cpe:2.3:a:moodle:moodle:1.9.11:::::::*
	cpe:2.3:a:moodle:moodle:1.9.12:::::::*
	cpe:2.3:a:moodle:moodle:1.9.13:::::::*
	cpe:2.3:a:moodle:moodle:1.9.14:::::::*
	cpe:2.3:a:moodle:moodle:2.0.0:::::::*
	cpe:2.3:a:moodle:moodle:2.0.1:::::::*
	cpe:2.3:a:moodle:moodle:2.0.2:::::::*
	cpe:2.3:a:moodle:moodle:2.0.3:::::::*
	cpe:2.3:a:moodle:moodle:2.0.4:::::::*
	cpe:2.3:a:moodle:moodle:2.0.5:::::::*
	cpe:2.3:a:moodle:moodle:2.1.0:::::::*
	cpe:2.3:a:moodle:moodle:2.1.1:::::::*
	cpe:2.3:a:moodle:moodle:2.1.2:::::::*

History

No history.

Information

Published : 2012-07-20 10:40

Updated : 2023-02-13 01:21

NVD link : CVE-2011-4586

Mitre link : CVE-2011-4586

CVE.ORG link : CVE-2011-4586

JSON object : View

Products Affected

moodle

moodle

CWE

NVD-CWE-Other

{"id": "CVE-2011-4586", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-07-20T10:40:35.923", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=581e8dba387f090d89382115fd850d8b44351526", "source": "secalert@redhat.com"}, {"url": "http://moodle.org/mod/forum/discuss.php?d=191754", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2012/dsa-2421", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=761248", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n CRLF en calendar/set.php en el subsistema de Calendario en Moodle v1.9.x antes de v1.9.15, v2.0.x antes de v2.0.6 y v2.1.x antes v2.1.3 que permite a atacantes remotos inyectar cabeceras HTTP de su elecci\u00f3n y llevar a cabo ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s de vectores no especificados.\r\n"}], "lastModified": "2023-02-13T01:21:49.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24F2602B-8ED3-4026-A9A4-31BE8BDC7724"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7F24649-B67F-4809-9F54-7B623AEF5A4A"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B81655E-C3B5-4115-A4C4-B7AC2FCDAB7F"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED9C3840-66BE-47EC-9F0C-E9D2171FF0B2"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBD062EB-1B1F-4DC8-A4F9-C2EC7D401E9D"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "291F73E9-1059-4E7F-860F-0DF2A35AA456"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EB5859E-0996-46B5-BB44-34BD6EACBCF5"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F87F6707-99AB-478A-909D-1D87298D5514"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BCE8B26-58BB-471C-B291-E6AE22B96C5B"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "768CE5AF-955B-4148-998A-A46BBDBA618B"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4283440F-9B21-4CE9-81FF-79DF3DEDCEE7"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A989FADA-89C3-472B-86BF-0630D1CBBCA8"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FAF84CB-46F1-4F37-BBAC-1CED0600B5B0"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FCA633D-E6CA-4D38-937B-9F83179CDAEA"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD248A1D-CACC-4E76-925A-078B736442AE"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B8A0403-0869-495F-B7C0-13A387549C7A"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39791F43-CF89-485B-AA8B-634C282BB025"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "428E4846-8C9E-4592-8437-88FCDCED704D"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4096977-3258-48B0-9C7B-D43FBC8BB1EA"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "448E5353-CD0E-407C-84F4-5E6D014A28FE"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18C6F348-DAE9-4440-8B3A-8D92ADC6606F"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "367537BF-CBDF-4CBB-91B4-6E5A567EF605"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DABBF325-C48A-4838-AC5D-0565C78976CD"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}