Main Vulnerability Database Vulnerabilities #VU43836

Input validation error in Moodle - CVE-2011-4586

Published: July 20, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43836

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-4586

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

How to mitigate CVE-2011-4586

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git;a=commit;h=581e8dba387f090d89382115fd850d8b44351526
http://moodle.org/mod/forum/discuss.php?d=191754
http://www.debian.org/security/2012/dsa-2421
https://bugzilla.redhat.com/show_bug.cgi?id=761248

Input validation error in Moodle - CVE-2011-4586

Detailed vulnerability description

How to mitigate CVE-2011-4586

Sources

Please verify you're human