漏洞信息详情
Moodle 'index_form.HTML'cleartext安全权限漏洞
- CNNVD编号:CNNVD-200912-210
- 危害等级: 中危
- CVE编号: CVE-2009-4302
- 漏洞类型: 加密问题
- 发布时间: 2009-12-16
- 威胁类型: 远程
- 更新时间: 2020-12-02
- 厂 商: moodle
- 漏洞来源: Andrea Tuccia, Adr...
漏洞简介
Moodle是一个Web在线课程系统。Moodle中的login/index_form.HTML链接HTTP端口的一个索引页面,即使当该页服务一个HTTPS端口,可能引起资格被发送到cleartext中,即便SSL被设定,远程攻击者可以借助探查获得这些资格。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Moodle moodle 1.9
Moodle moodle-1.9.7.tgz
http://download.moodle.org/stable19/moodle-1.9.7.tgz
Debian Linux 5.0 hppa
Debian moodle_1.8.2.dfsg-3+lenny3_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfs g-3+lenny3_all.deb
Debian Linux 5.0 ia-64
Debian moodle_1.8.2.dfsg-3+lenny3_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfs g-3+lenny3_all.deb
Debian Linux 5.0 m68k
Debian moodle_1.8.2.dfsg-3+lenny3_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfs g-3+lenny3_all.deb
Debian Linux 5.0 arm
Debian moodle_1.8.2.dfsg-3+lenny3_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfs g-3+lenny3_all.deb
Debian Linux 5.0 armel
Debian moodle_1.8.2.dfsg-3+lenny3_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfs g-3+lenny3_all.deb
Debian Linux 5.0
Debian moodle_1.8.2.dfsg-3+lenny3_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfs g-3+lenny3_all.deb
Debian Linux 5.0 alpha
Debian moodle_1.8.2.dfsg-3+lenny3_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfs g-3+lenny3_all.deb
Debian Linux 5.0 amd64
Debian moodle_1.8.2.dfsg-3+lenny3_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfs g-3+lenny3_all.deb
Debian Linux 5.0 ia-32
Debian moodle_1.8.2.dfsg-3+lenny3_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfs g-3+lenny3_all.deb
Debian Linux 5.0 mips
Debian moodle_1.8.2.dfsg-3+lenny3_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfs g-3+lenny3_all.deb
Debian Linux 5.0 s/390
Debian moodle_1.8.2.dfsg-3+lenny3_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfs g-3+lenny3_all.deb
Debian Linux 5.0 mipsel
Debian moodle_1.8.2.dfsg-3+lenny3_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfs g-3+lenny3_all.deb
Debian Linux 5.0 powerpc
Debian moodle_1.8.2.dfsg-3+lenny3_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfs g-3+lenny3_all.deb
Debian Linux 5.0 sparc
Debian moodle_1.8.2.dfsg-3+lenny3_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfs g-3+lenny3_all.deb
Moodle moodle 1.8.10
Moodle moodle-1.8.11.tgz
http://download.moodle.org/stable18/moodle-1.8.11.tgz
Moodle moodle 1.8.2
Moodle moodle-1.8.11.tgz
http://download.moodle.org/stable18/moodle-1.8.11.tgz
Moodle moodle 1.8.3
Moodle moodle-1.8.11.tgz
http://download.moodle.org/stable18/moodle-1.8.11.tgz
Moodle moodle 1.8.4
Moodle moodle-1.8.11.tgz
http://download.moodle.org/stable18/moodle-1.8.11.tgz
Moodle moodle 1.8.5
Moodle moodle-1.8.11.tgz
http://download.moodle.org/stable18/moodle-1.8.11.tgz
Moodle moodle 1.8.6
Moodle moodle-1.8.11.tgz
http://download.moodle.org/stable18/moodle-1.8.11.tgz
Moodle moodle 1.8.7
Moodle moodle-1.8.11.tgz
http://download.moodle.org/stable18/moodle-1.8.11.tgz
Moodle moodle 1.8.8
Moodle moodle-1.8.11.tgz
http://download.moodle.org/stable18/moodle-1.8.11.tgz
Moodle moodle 1.8.9
Moodle moodle-1.8.11.tgz
http://download.moodle.org/stable18/moodle-1.8.11.tgz
Moodle moodle 1.9.2
Moodle moodle-1.9.7.tgz
http://download.moodle.org/stable19/moodle-1.9.7.tgz
Moodle moodle 1.9.3
Moodle moodle-1.9.7.tgz
http://download.moodle.org/stable19/moodle-1.9.7.tgz
Moodle moodle 1.9.3
Moodle moodle-1.9.7.tgz
http://download.moodle.org/stable19/moodle-1.9.7.tgz
Moodle moodle 1.9.4
Moodle moodle-1.9.7.tgz
http://download.moodle.org/stable19/moodle-1.9.7.tgz
Moodle moodle 1.9.6
Moodle moodle-1.9.7.tgz
http://download.moodle.org/stable19/moodle-1.9.7.tgz
参考网址
来源:SECUNIA
链接:http://secunia.com/advisories/37614
来源:FEDORA
链接:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.HTML
来源:CONFIRM
链接:http://docs.moodle.org/en/Moodle_1.9.7_release_notes
来源:CONFIRM
链接:http://docs.moodle.org/en/Moodle_1.8.11_release_notes
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2009/3455
来源:BID
链接:https://www.securityfocus.com/bid/37244
来源:FEDORA
链接:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.HTML
来源:FEDORA
链接:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.HTML
来源:CONFIRM
链接:http://moodle.org/mod/forum/discuss.php?d=139107
受影响实体
- Moodle Moodle:1.9.5
- Moodle Moodle:1.9.6
- Moodle Moodle:1.9.4
- Moodle Moodle:1.9.3
- Moodle Moodle:1.9.2
补丁
暂无
评论