CVE-2011-1406

Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
maharamahara
𝑥
≤ 1.3.5
maharamahara
0.9.0
maharamahara
0.9.1
maharamahara
0.9.2
maharamahara
1.0.0
maharamahara
1.0.1
maharamahara
1.0.2
maharamahara
1.0.3
maharamahara
1.0.4
maharamahara
1.0.5
maharamahara
1.0.6
maharamahara
1.0.7
maharamahara
1.0.8
maharamahara
1.0.9
maharamahara
1.0.10
maharamahara
1.0.11
maharamahara
1.0.12
maharamahara
1.0.13
maharamahara
1.0.14
maharamahara
1.0.15
maharamahara
1.1
maharamahara
1.1.0
maharamahara
1.1.0:alpha1
maharamahara
1.1.0:alpha2
maharamahara
1.1.0:alpha3
maharamahara
1.1.0:beta1
maharamahara
1.1.0:beta2
maharamahara
1.1.0:beta3
maharamahara
1.1.0:beta4
maharamahara
1.1.0:rc1
maharamahara
1.1.0:rc2
maharamahara
1.1.1
maharamahara
1.1.2
maharamahara
1.1.3
maharamahara
1.1.4
maharamahara
1.1.5
maharamahara
1.1.6
maharamahara
1.1.7
maharamahara
1.1.8
maharamahara
1.1.9
maharamahara
1.2.0
maharamahara
1.2.0:alpha1
maharamahara
1.2.0:alpha2
maharamahara
1.2.0:alpha3
maharamahara
1.2.0:beta1
maharamahara
1.2.0:beta2
maharamahara
1.2.0:beta3
maharamahara
1.2.0:beta4
maharamahara
1.2.0:rc1
maharamahara
1.2.1
maharamahara
1.2.2
maharamahara
1.2.3
maharamahara
1.2.4
maharamahara
1.2.5
maharamahara
1.2.6
maharamahara
1.3.0
maharamahara
1.3.0:beta1
maharamahara
1.3.0:beta2
maharamahara
1.3.0:beta3
maharamahara
1.3.0:beta4
maharamahara
1.3.0:rc1
maharamahara
1.3.1
maharamahara
1.3.2
maharamahara
1.3.3
maharamahara
1.3.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mahara
natty
Fixed 1.2.7-1ubuntu0.1
released
maverick
Fixed 1.2.5-2ubuntu0.2
released
lucid
Fixed 1.2.4-1ubuntu0.3
released
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://www.debian.org/security/2011/dsa-2246
https://exchange.xforce.ibmcloud.com/vulnerabilities/67400
https://launchpad.net/mahara/+bug/685942
https://launchpad.net/mahara/+milestone/1.3.6
http://www.debian.org/security/2011/dsa-2246
https://exchange.xforce.ibmcloud.com/vulnerabilities/67400
https://launchpad.net/mahara/+bug/685942
https://launchpad.net/mahara/+milestone/1.3.6