CVE-2011-4302

EPSS 0.13%
Published 11.07.2012 10:26:10
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Moodle ≫ Moodle Version1.9.2

Moodle ≫ Moodle Version1.9.3

Moodle ≫ Moodle Version1.9.4

Moodle ≫ Moodle Version1.9.5

Moodle ≫ Moodle Version1.9.6

Moodle ≫ Moodle Version1.9.7

Moodle ≫ Moodle Version1.9.8

Moodle ≫ Moodle Version1.9.9

Moodle ≫ Moodle Version1.9.10

Moodle ≫ Moodle Version1.9.11

Moodle ≫ Moodle Version1.9.12

Moodle ≫ Moodle Version1.9.13

Moodle ≫ Moodle Version2.0.0

Moodle ≫ Moodle Version2.0.1

Moodle ≫ Moodle Version2.0.2

Moodle ≫ Moodle Version2.0.3

Moodle ≫ Moodle Version2.0.4

Moodle ≫ Moodle Version2.1.0

Moodle ≫ Moodle Version2.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.296

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://bugzilla.redhat.com/show_bug.cgi?id=747444

Patch

http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=54941685e3e86ec085641dcb7ebb1f96f06735b2

http://moodle.org/mod/forum/discuss.php?d=188314

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2011-4302

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-4302

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-4302

EUVD