CVE-2014-3552 - Vulnerability Details

Vendors	Products
Moodle	Moodle

Link	Providers
http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485
http://openwall.com/lists/oss-security/2014/07/21/1
https://moodle.org/mod/forum/discuss.php?d=264261

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-21T00:00:00", "descriptions": [{"lang": "en", "value": "The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-07-29T04:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20140721 Moodle security notifications public", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/07/21/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://moodle.org/mod/forum/discuss.php?d=264261"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3552", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20140721 Moodle security notifications public", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/07/21/1"}, {"name": "https://moodle.org/mod/forum/discuss.php?d=264261", "refsource": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=264261"}, {"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485", "refsource": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:16.615Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20140721 Moodle security notifications public", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/07/21/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://moodle.org/mod/forum/discuss.php?d=264261"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3552", "datePublished": "2014-07-29T10:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:16.615Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-07-21T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2014-07-29T04:57:01 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

name : [oss-security] 20140721 Moodle security notifications public (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://openwall.com/lists/oss-security/2014/07/21/1 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=264261 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert@redhat.com (string)

ID : CVE-2014-3552 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : [oss-security] 20140721 Moodle security notifications public (string)

refsource : MLIST (string)

url : http://openwall.com/lists/oss-security/2014/07/21/1 (string)

}

1 : { »

name : https://moodle.org/mod/forum/discuss.php?d=264261 (string)

refsource : CONFIRM (string)

url : https://moodle.org/mod/forum/discuss.php?d=264261 (string)

}

2 : { »

name : http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485 (string)

refsource : CONFIRM (string)

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T10:50:16.615Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : [oss-security] 20140721 Moodle security notifications public (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://openwall.com/lists/oss-security/2014/07/21/1 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=264261 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2014-3552 (string)

datePublished : 2014-07-29T10:00:00 (string)

dateReserved : 2014-05-14T00:00:00 (string)

dateUpdated : 2024-08-06T10:50:16.615Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8E52813-E056-4A5C-8BF5-4DD5EF5BF041", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "62156008-2728-4207-AF60-E6330421D102", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "094DCC66-8C95-4DD6-B8DD-FB2D46A2A847", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "D27EBAD4-F6F3-4E6A-8E42-EBB36655376D", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "93169BDD-4F0B-44C9-96C4-5BD0839A9BA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "DC1ED608-B1D0-4FFF-B67F-69451C2526C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "8B8A5C78-F69F-43DB-98EE-412D4D8FD83B", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "ECF4F307-508B-4284-8864-DF604C70132B", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "B66679A6-C09F-4675-BE7B-EDBA1F439525", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "74B4B5C5-3132-4B3B-8657-8D905806C9B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "8D36FAFC-56A6-4CD8-9668-00404C46B07E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "93AAC675-554B-4519-85CC-929E917D8E08", "versionEndIncluding": "2.3.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFD575CF-2AF2-443F-841D-F7E25FBD455A", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC2A1954-E30F-40EC-BA59-40D29573E7D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "25EA194F-BE9D-49A8-AA35-FC7810C06643", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2C3888D8-8219-4DE4-8E6C-84F58AFD3B15", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "E15AADAA-EFF5-4116-A683-D2B9824AA353", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "C917E5A8-ABE8-4F01-8580-329836CC2C55", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "70C08FF1-BAA7-4534-98E4-80231C25BC83", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "025832C9-F1A4-4935-892A-8868E401906E", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2F95290-BFA3-470A-888C-E1896DD466F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "45A44950-97B6-4AC7-AB41-57D644BA6415", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "B917F1CA-B788-4FE0-9A03-FD7F486DCAA4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD1B5B42-ECA9-4888-B18E-AD8D282311DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF03304-032C-4E85-A802-7CDAC89216FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "311BEFF3-A58A-4CA8-BE09-F8D081EA13A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "D7D2A1F8-82FF-4C1A-A872-71D93874EEAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "86E79BB0-6017-441C-9B10-00E55FDF0986", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "CA845882-C0F4-4522-94B2-9AA21A08887A", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "48F341A8-0AC8-4033-8C99-0249B7289F9E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction."}, {"lang": "es", "value": "El plugin Shibboleth Authentication en auth/shibboleth/index.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.11 y 2.5.x anterior a 2.5.7 no comprueba si un ID de sesi\u00f3n est\u00e1 vac\u00edo, lo que permite a usuarios remotos autenticados secuestrar sesiones a trav\u00e9s de interacciones manipuladas de plugins."}], "id": "CVE-2014-3552", "lastModified": "2024-11-21T02:08:21.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-07-29T11:10:32.527", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2014/07/21/1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=264261"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/07/21/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=264261"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B8E52813-E056-4A5C-8BF5-4DD5EF5BF041 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 62156008-2728-4207-AF60-E6330421D102 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 094DCC66-8C95-4DD6-B8DD-FB2D46A2A847 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:* (string)

matchCriteriaId : D27EBAD4-F6F3-4E6A-8E42-EBB36655376D (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 93169BDD-4F0B-44C9-96C4-5BD0839A9BA4 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.5:*:*:*:*:*:*:* (string)

matchCriteriaId : DC1ED608-B1D0-4FFF-B67F-69451C2526C0 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 8B8A5C78-F69F-43DB-98EE-412D4D8FD83B (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.7:*:*:*:*:*:*:* (string)

matchCriteriaId : ECF4F307-508B-4284-8864-DF604C70132B (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.8:*:*:*:*:*:*:* (string)

matchCriteriaId : B66679A6-C09F-4675-BE7B-EDBA1F439525 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.9:*:*:*:*:*:*:* (string)

matchCriteriaId : 74B4B5C5-3132-4B3B-8657-8D905806C9B2 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 8D36FAFC-56A6-4CD8-9668-00404C46B07E (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 93AAC675-554B-4519-85CC-929E917D8E08 (string)

versionEndIncluding : 2.3.11 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : BFD575CF-2AF2-443F-841D-F7E25FBD455A (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : AC2A1954-E30F-40EC-BA59-40D29573E7D6 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 25EA194F-BE9D-49A8-AA35-FC7810C06643 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 2C3888D8-8219-4DE4-8E6C-84F58AFD3B15 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:* (string)

matchCriteriaId : E15AADAA-EFF5-4116-A683-D2B9824AA353 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:* (string)

matchCriteriaId : C917E5A8-ABE8-4F01-8580-329836CC2C55 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 70C08FF1-BAA7-4534-98E4-80231C25BC83 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 025832C9-F1A4-4935-892A-8868E401906E (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.8:*:*:*:*:*:*:* (string)

matchCriteriaId : D2F95290-BFA3-470A-888C-E1896DD466F3 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.9:*:*:*:*:*:*:* (string)

matchCriteriaId : 45A44950-97B6-4AC7-AB41-57D644BA6415 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.10:*:*:*:*:*:*:* (string)

matchCriteriaId : B917F1CA-B788-4FE0-9A03-FD7F486DCAA4 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : CD1B5B42-ECA9-4888-B18E-AD8D282311DB (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 9EF03304-032C-4E85-A802-7CDAC89216FA (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 311BEFF3-A58A-4CA8-BE09-F8D081EA13A8 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:* (string)

matchCriteriaId : D7D2A1F8-82FF-4C1A-A872-71D93874EEAD (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 86E79BB0-6017-441C-9B10-00E55FDF0986 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:* (string)

matchCriteriaId : CA845882-C0F4-4522-94B2-9AA21A08887A (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 48F341A8-0AC8-4033-8C99-0249B7289F9E (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction. (string)

}

1 : { »

lang : es (string)

value : El plugin Shibboleth Authentication en auth/shibboleth/index.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.11 y 2.5.x anterior a 2.5.7 no comprueba si un ID de sesión está vacío, lo que permite a usuarios remotos autenticados secuestrar sesiones a través de interacciones manipuladas de plugins. (string)

}

]

id : CVE-2014-3552 (string)

lastModified : 2024-11-21T02:08:21.500 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:S/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2014-07-29T11:10:32.527 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Patch (string)

]

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485 (string)

}

1 : { »

source : secalert@redhat.com (string)

url : http://openwall.com/lists/oss-security/2014/07/21/1 (string)

}

2 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=264261 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://openwall.com/lists/oss-security/2014/07/21/1 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=264261 (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-287 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object