PT-2011-4883 · Moodle · Moodle

Dusty +1 · Published 2011-12-22 · Updated 2022-05-13 · CVE-2011-4203

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Moodle versions 1.9.x through 1.9.14
Moodle versions 2.0.x through 2.0.5
Moodle versions 2.1.x through 2.1.2
Moodle version 2.2

Description

The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. This is a CRLF injection vulnerability in the calendar/set.php file in the Calendar component.

Recommendations

For Moodle versions 1.9.x through 1.9.14, update to version 1.9.15 or later.
For Moodle versions 2.0.x through 2.0.5, update to version 2.0.6 or later.
For Moodle versions 2.1.x through 2.1.2, update to version 2.1.3 or later.
For Moodle version 2.2, update to a version that includes the fix for this issue; version 2.2 is affected, but no specific fixed version is given.

Exploit

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2011-4203
GHSA-4W8M-96V9-2C86

Affected Products

Moodle