mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
252 lines
9.3 KiB
JSON
252 lines
9.3 KiB
JSON
{
|
|
"id": "CVE-2015-3272",
|
|
"sourceIdentifier": "secalert@redhat.com",
|
|
"published": "2016-02-22T05:59:00.117",
|
|
"lastModified": "2020-12-01T14:54:45.183",
|
|
"vulnStatus": "Modified",
|
|
"evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/601.html\">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de redirecci\u00f3n abierta en la funci\u00f3n clean_param en lib/moodlelib.php en Moodle hasta la versi\u00f3n 2.6.11, 2.7.x en versiones anteriores a 2.7.9, 2.8.x en versiones anteriores a 2.8.7 y 2.9.x en versiones anteriores a 2.9.1 permite a atacantes remotos redirigir usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de vectores que implican una cabecera HTTP Referer que tiene una subcadena coincidente con una URL local."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 7.4,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 4.0
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.8
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 4.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-Other"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "05112EC5-3AAA-499B-8763-345187529C09"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "71407960-077B-4407-B249-789436687D91"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "72728F94-D408-4CAD-A214-800B1D1C7971"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "33C1E9B5-6B2B-4230-92F2-EC0FB307ECF4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6925A366-37EB-41ED-85C8-B56D6A93D4EB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A6400F9D-9654-444F-9EBB-0F73025AD744"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.6.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "66ED87A3-8237-4182-BEF5-052346067737"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.6.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "57441C51-2ADB-48B9-A655-82D6B1071C26"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.6.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0E8D7276-415B-4394-8CBE-53EB40B8C5BB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.6.9:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "65CA6C47-3E85-4639-9E04-E9E63D0CED06"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.6.10:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "105490A4-7F97-467C-9015-069CE25980EB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4E051AAC-EB40-491F-AF0E-EE8143C12567"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FADBE87F-1855-453B-B958-0CB8A7908A06"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1B53A7D2-BDA2-4185-97C3-977A04876A37"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A51DFFA8-DFF0-429C-B697-F82F41621FEE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "19FD1565-0DA1-4BA8-A501-86F13D3D29ED"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6D82CFE8-C38D-4FF3-BC4F-6C27AD64D9A3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FEB754AF-3DA4-4459-A53B-3BC7B78CE313"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F57E8383-C3F3-480C-B9A9-49633DAAEC18"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "645E8B7B-1AE6-4F46-AFA9-7506685CD571"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "12737AF4-B2D5-4661-B06A-6A06FE95EC2D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "88C59A94-D225-478A-B23E-41C4324BC643"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "192EA69B-A1E1-4E0D-8E73-76EB74CCDE49"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D88385B1-EEFB-4825-BD8F-215C39FD86DA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A3BE2782-D167-4237-B57D-2E4C04571524"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F277F979-12FA-47A5-B0A5-D174C2127A7D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "38498617-8E45-4E73-AE9F-C7A0D18FDE47"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C9224D94-1C48-468C-A39B-B2694ED178F4"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://openwall.com/lists/oss-security/2015/07/13/2",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1032877",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://moodle.org/mod/forum/discuss.php?d=316662",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |