Vulnerabilities > CVE-2015-3175 - Unspecified vulnerability in Moodle
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN moodle
nessus
Summary
Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2015-14996.NASL description moodle-2.7.9-1.fc21 - 2.7.9. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-09-16 plugin id 85956 published 2015-09-16 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85956 title Fedora 21 : moodle-2.7.9-1.fc21 (2015-14996) NASL family Fedora Local Security Checks NASL id FEDORA_2015-14987.NASL description moodle-2.9.1-1.fc23 - 2.9.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-09-21 plugin id 86032 published 2015-09-21 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86032 title Fedora 23 : moodle-2.9.1-1.fc23 (2015-14987) NASL family Fedora Local Security Checks NASL id FEDORA_2015-14988.NASL description moodle-2.8.7-1.fc22 - Latest upstream release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-09-16 plugin id 85955 published 2015-09-16 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85955 title Fedora 22 : moodle-2.8.7-1.fc22 (2015-14988)
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179
- http://openwall.com/lists/oss-security/2015/05/18/1
- http://openwall.com/lists/oss-security/2015/05/18/1
- http://www.securityfocus.com/bid/74720
- http://www.securityfocus.com/bid/74720
- http://www.securitytracker.com/id/1032358
- http://www.securitytracker.com/id/1032358
- https://moodle.org/mod/forum/discuss.php?d=313682
- https://moodle.org/mod/forum/discuss.php?d=313682