PT-2016-1300 · Moodle · Moodle

Frédéric Massart · Published 2015-12-05 · Updated 2020-12-01 · CVE-2015-5332

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Moodle versions 2.8.x through 2.8.8
Moodle versions 2.9.x through 2.9.2

Description

The issue is related to resource management errors in the Atto component of the Moodle learning management system. It can be exploited by a remote attacker using the guest role and the editor-autosave feature, potentially leading to a denial of service due to disk consumption.

Recommendations

For Moodle versions 2.8.x through 2.8.8, update to version 2.8.9 or later.
For Moodle versions 2.9.x through 2.9.2, update to version 2.9.3 or later.

Fix

DoS


Weakness Enumeration

Related Identifiers

BDU:2016-00597
CVE-2015-5332
MGASA-2015-0464

Affected Products

Moodle