Описание
CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-4586
- https://bugzilla.redhat.com/show_bug.cgi?id=761248
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=581e8dba387f090d89382115fd850d8b44351526
- http://git.moodle.org/gw?p=moodle.git;a=commit;h=581e8dba387f090d89382115fd850d8b44351526
- http://moodle.org/mod/forum/discuss.php?d=191754
- http://www.debian.org/security/2012/dsa-2421
EPSS
CVE ID
Связанные уязвимости
CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CRLF injection vulnerability in calendar/set.php in the Calendar subsy ...
EPSS