CVE-2015-3175

Sažetak

Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.

Reference

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179
http://openwall.com/lists/oss-security/2015/05/18/1
http://www.securityfocus.com/bid/74720
http://www.securitytracker.com/id/1032358
https://moodle.org/mod/forum/discuss.php?d=313682

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

01-12-2020 - 14:54

Objavljeno

01-06-2015 - 19:59