CVE-2011-1406

EUVD-2011-1413
Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
maharamahara
𝑥
≤ 1.3.5
maharamahara
0.9.0
maharamahara
0.9.1
maharamahara
0.9.2
maharamahara
1.0.0
maharamahara
1.0.1
maharamahara
1.0.2
maharamahara
1.0.3
maharamahara
1.0.4
maharamahara
1.0.5
maharamahara
1.0.6
maharamahara
1.0.7
maharamahara
1.0.8
maharamahara
1.0.9
maharamahara
1.0.10
maharamahara
1.0.11
maharamahara
1.0.12
maharamahara
1.0.13
maharamahara
1.0.14
maharamahara
1.0.15
maharamahara
1.1
maharamahara
1.1.0
maharamahara
1.1.0:alpha1
maharamahara
1.1.0:alpha2
maharamahara
1.1.0:alpha3
maharamahara
1.1.0:beta1
maharamahara
1.1.0:beta2
maharamahara
1.1.0:beta3
maharamahara
1.1.0:beta4
maharamahara
1.1.0:rc1
maharamahara
1.1.0:rc2
maharamahara
1.1.1
maharamahara
1.1.2
maharamahara
1.1.3
maharamahara
1.1.4
maharamahara
1.1.5
maharamahara
1.1.6
maharamahara
1.1.7
maharamahara
1.1.8
maharamahara
1.1.9
maharamahara
1.2.0
maharamahara
1.2.0:alpha1
maharamahara
1.2.0:alpha2
maharamahara
1.2.0:alpha3
maharamahara
1.2.0:beta1
maharamahara
1.2.0:beta2
maharamahara
1.2.0:beta3
maharamahara
1.2.0:beta4
maharamahara
1.2.0:rc1
maharamahara
1.2.1
maharamahara
1.2.2
maharamahara
1.2.3
maharamahara
1.2.4
maharamahara
1.2.5
maharamahara
1.2.6
maharamahara
1.3.0
maharamahara
1.3.0:beta1
maharamahara
1.3.0:beta2
maharamahara
1.3.0:beta3
maharamahara
1.3.0:beta4
maharamahara
1.3.0:rc1
maharamahara
1.3.1
maharamahara
1.3.2
maharamahara
1.3.3
maharamahara
1.3.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mahara
dapper
dne
hardy
dne
lucid
Fixed 1.2.4-1ubuntu0.3
released
maverick
Fixed 1.2.5-2ubuntu0.2
released
natty
Fixed 1.2.7-1ubuntu0.1
released
Common Weakness Enumeration
References
http://www.debian.org/security/2011/dsa-2246
https://exchange.xforce.ibmcloud.com/vulnerabilities/67400
https://launchpad.net/mahara/+bug/685942
https://launchpad.net/mahara/+milestone/1.3.6
http://www.debian.org/security/2011/dsa-2246
https://exchange.xforce.ibmcloud.com/vulnerabilities/67400
https://launchpad.net/mahara/+bug/685942
https://launchpad.net/mahara/+milestone/1.3.6