Vulnerability Name:

CVE-2011-4292 (CCN-67548)

Assigned:2011-05-18
Published:2011-05-18
Updated:2020-12-01
Summary:Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.
CVSS v3 Severity:3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-89
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2011-4292

Source: CONFIRM
Type: Patch
http://git.moodle.org/gw?p=moodle.git;a=commit;h=acb4688d29a7cc028803ee3d81edc7f1b6515c64

Source: CCN
Type: Moodle Web site
Moodle.org: open-source community-based tools for learning

Source: CONFIRM
Type: Vendor Advisory
http://moodle.org/mod/forum/discuss.php?d=175594

Source: CCN
Type: MSA-11-0017
Ability to generate invalid records in the comments table in the database

Source: MLIST
Type: UNKNOWN
[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update

Source: CCN
Type: SA44630
Moodle Multiple Vulnerabilities

Source: CCN
Type: OSVDB ID: 84272
Moodle Crafted Comment Operation Handling Remote DoS

Source: CCN
Type: BID-47920
Moodle Prior to 1.9.12/2.0.3 Multiple Security Vulnerabilities

Source: XF
Type: UNKNOWN
moodle-comments-table-dos(67548)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:moodle:moodle:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.0.2:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:moodle:moodle:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.0.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    moodle moodle 2.0.1
    moodle moodle 2.0.0
    moodle moodle 2.0.2
    moodle moodle 2.0
    moodle moodle 2.0.1
    moodle moodle 2.0.2