Vulnerability Description
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | 2.0.0 |
Related Weaknesses (CWE)
References
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=e1c2a211f259821910be2cba236
- http://moodle.org/mod/forum/discuss.php?d=182736Vendor Advisory
- http://openwall.com/lists/oss-security/2011/11/14/1
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=e1c2a211f259821910be2cba236
- http://moodle.org/mod/forum/discuss.php?d=182736Vendor Advisory
- http://openwall.com/lists/oss-security/2011/11/14/1
FAQ
What is CVE-2011-4293?
CVE-2011-4293 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass ...
How severe is CVE-2011-4293?
CVE-2011-4293 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4293?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.