PT-2016-1288 · Moodle · Moodle

Publicado

2015-08-03

Atualizado

2022-05-13

CVE-2015-3272

CVSS v3.1

7.4

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Moodle versions 2.6.11 and earlier Moodle versions 2.7.x before 2.7.9 Moodle versions 2.8.x before 2.8.7 Moodle versions 2.9.x before 2.9.1

Description The issue is related to an open redirect vulnerability in the clean param function. This vulnerability allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.

Recommendations For Moodle versions 2.6.11 and earlier, update to a version later than 2.6.11. For Moodle versions 2.7.x before 2.7.9, update to version 2.7.9 or later. For Moodle versions 2.8.x before 2.8.7, update to version 2.8.7 or later. For Moodle versions 2.9.x before 2.9.1, update to version 2.9.1 or later.

Correção

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601

Identificadores relacionados

BDU:2016-00585

CVE-2015-3272

GHSA-2HW2-H3MF-C2J9

MGASA-2015-0302

Produtos afetados

Moodle

PT-2016-1288 · Moodle · Moodle

CVE-2015-3272

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 24