Описание
Moodle Double-Caches Content, Potentially Writing to a File System's Tmp Directory
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-4293
- https://github.com/moodle/moodle/commit/05f4555422278190ec24a88466ac43c914a7e5d6
- https://github.com/moodle/moodle/commit/9a380fbb53429713b3c422a3146456dc97205329
- https://github.com/moodle/moodle/commit/e1c2a211f259821910be2cba23679d4176fb00a3
- http://git.moodle.org/gw?p=moodle.git;a=commit;h=e1c2a211f259821910be2cba23679d4176fb00a3
- http://moodle.org/mod/forum/discuss.php?d=182736
- http://openwall.com/lists/oss-security/2011/11/14/1
Пакеты
moodle/moodle
>= 2.0, < 2.0.4
2.0.4
moodle/moodle
>= 2.1, < 2.1.1
2.1.1
Связанные уязвимости
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before ...