Vulnerability Description
Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mahara | Mahara | >= 16.10.0, < 16.10.7 |
Related Weaknesses (CWE)
References
- https://bugs.launchpad.net/mahara/+bug/1734767Third Party Advisory
- https://mahara.org/interaction/forum/topic.php?id=8150Vendor Advisory
- https://reviews.mahara.org/#/c/8312/Vendor Advisory
- https://bugs.launchpad.net/mahara/+bug/1734767Third Party Advisory
- https://mahara.org/interaction/forum/topic.php?id=8150Vendor Advisory
- https://reviews.mahara.org/#/c/8312/Vendor Advisory
FAQ
What is CVE-2017-17455?
CVE-2017-17455 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTT...
How severe is CVE-2017-17455?
CVE-2017-17455 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-17455?
Check the references section above for vendor advisories and patch information. Affected products include: Mahara Mahara.