CVE-2013-4522

Опубликовано: 26 нояб. 2013

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy server.

Ссылки

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38743
Exploit
Patch
http://openwall.com/lists/oss-security/2013/11/25/1
https://moodle.org/mod/forum/discuss.php?d=244479
Vendor Advisory
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38743
Exploit
Patch
http://openwall.com/lists/oss-security/2013/11/25/1
https://moodle.org/mod/forum/discuss.php?d=244479
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия до 2.2.11 (включая)

cpe:2.3:a:moodle:moodle:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.5.0:beta:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.6.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.6.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.6.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.6.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.6.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.6.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.7.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.7.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.7.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.7.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.8.11:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.8.12:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.8.13:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.8.14:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.10:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.11:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.12:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.13:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.14:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.15:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.16:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.17:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:1.9.18:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00283

Низкий

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2013-4522

ubuntu

больше 11 лет назад

CVE-2013-4522

debian

больше 11 лет назад

lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x b ...

GHSA-vm9c-39jx-q45w

github

около 3 лет назад

Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

EPSS

Процентиль: 51%

0.00283

Низкий

5 Medium

CVSS2

Дефекты

CWE-200