漏洞信息详情
Moodle 跨站请求伪造漏洞
- CNNVD编号:CNNVD-200902-246
- 危害等级: 中危
- CVE编号: CVE-2009-0499
- 漏洞类型: 跨站请求伪造
- 发布时间: 2009-02-10
- 威胁类型: 远程
- 更新时间: 2020-12-02
- 厂 商: moodle
- 漏洞来源: Kevin Madura
漏洞简介
Moodle是一套免费、开源的电子学习软件平台,也称课程管理系统、学习管理系统或虚拟学习环境。
Moodle 1.7.7之前的1.7,1.8.8之前的1.8以及1.9.4之前的1.9版本中的forum代码存在跨站请求伪造漏洞。远程攻击者可以借助一个链接或对post.php的IMG标签,删除未授权的forum登录。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Moodle moodle 1.9
Moodle moodle-1.9.4.tgz
http://download.moodle.org/download.php/stable19/moodle-1.9.4.tgz
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu moodle_1.8.2-1.2ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu moodle_1.8.2-1.2ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu moodle_1.8.2-1ubuntu4.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu moodle_1.8.2-1.2ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu moodle_1.8.2-1.2ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu moodle_1.8.2-1ubuntu4.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu moodle_1.8.2-1ubuntu4.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu moodle_1.8.2-1ubuntu4.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb
Ubuntu Ubuntu Linux 8.10 amd64
Ubuntu moodle_1.8.2-1.2ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu moodle_1.8.2-1ubuntu4.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb
Moodle moodle-1.7.7.tgz
http://download.moodle.org/download.php/stable17/moodle-1.7.7.tgz
Moodle moodle-1.8.8.tgz
http://download.moodle.org/download.php/stable18/moodle-1.8.8.tgz
Moodle moodle-1.9.4.tgz
http://download.moodle.org/download.php/stable19/moodle-1.9.4.tgz
参考网址
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.HTML
来源:CONFIRM
链接:http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15
来源:SECUNIA
链接:http://secunia.com/advisories/34418
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2009/02/04/1
来源:CONFIRM
链接:http://moodle.org/security/
受影响实体
- Moodle Moodle:1.7
- Moodle Moodle:1.7.1
- Moodle Moodle:1.7.2
- Moodle Moodle:1.7.3
- Moodle Moodle:1.7.4
补丁
- Moodle 跨站请求伪造漏洞的修复措施
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论