Описание
Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 1.3.6-1 |
| hardy | DNE | |
| lucid | released | 1.2.4-1ubuntu0.3 |
| maverick | released | 1.2.5-2ubuntu0.2 |
| natty | released | 1.2.7-1ubuntu0.1 |
| upstream | released | 1.3.6 |
Показывать по
Ссылки на источники
4.3 Medium
CVSS2
Связанные уязвимости
Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.
Mahara before 1.3.6 does not properly handle an https URL in the wwwro ...
Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.
4.3 Medium
CVSS2