Detections
Analytics
openSUSE 10 Security Update : moodle (moodle-5439)
medium Nessus Plugin ID 33513
Synopsis
The remote openSUSE host is missing a security update.Description
An incorrect input validation in moodle could be exploited by attackers to conduct cross site scripting attacks (CVE-2008-1502).Solution
Update the affected moodle packages.Plugin Details
Severity: Medium
ID: 33513
File Name: suse_moodle-5439.nasl
Version: 1.12
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 7/16/2008
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.6
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:moodle-pt, p-cpe:/a:novell:opensuse:moodle-kn, p-cpe:/a:novell:opensuse:moodle-ja, p-cpe:/a:novell:opensuse:moodle-nn, p-cpe:/a:novell:opensuse:moodle-sq, p-cpe:/a:novell:opensuse:moodle-bg, p-cpe:/a:novell:opensuse:moodle-ar, p-cpe:/a:novell:opensuse:moodle-pl, p-cpe:/a:novell:opensuse:moodle-hi, p-cpe:/a:novell:opensuse:moodle-is, p-cpe:/a:novell:opensuse:moodle-ko, p-cpe:/a:novell:opensuse:moodle-fi, p-cpe:/a:novell:opensuse:moodle-vi, p-cpe:/a:novell:opensuse:moodle-de_du, p-cpe:/a:novell:opensuse:moodle-fr, p-cpe:/a:novell:opensuse:moodle-no, p-cpe:/a:novell:opensuse:moodle-ga, p-cpe:/a:novell:opensuse:moodle-af, p-cpe:/a:novell:opensuse:moodle, p-cpe:/a:novell:opensuse:moodle-lt, p-cpe:/a:novell:opensuse:moodle-fa, p-cpe:/a:novell:opensuse:moodle-be, p-cpe:/a:novell:opensuse:moodle-hu, p-cpe:/a:novell:opensuse:moodle-et, p-cpe:/a:novell:opensuse:moodle-km, p-cpe:/a:novell:opensuse:moodle-es, p-cpe:/a:novell:opensuse:moodle-mi_tn, p-cpe:/a:novell:opensuse:moodle-sk, p-cpe:/a:novell:opensuse:moodle-sv, p-cpe:/a:novell:opensuse:moodle-tr, p-cpe:/a:novell:opensuse:moodle-ms, p-cpe:/a:novell:opensuse:moodle-sl, p-cpe:/a:novell:opensuse:moodle-it, cpe:/o:novell:opensuse:10.2, p-cpe:/a:novell:opensuse:moodle-hr, p-cpe:/a:novell:opensuse:moodle-id, p-cpe:/a:novell:opensuse:moodle-da, cpe:/o:novell:opensuse:10.3, p-cpe:/a:novell:opensuse:moodle-ro, p-cpe:/a:novell:opensuse:moodle-cs, p-cpe:/a:novell:opensuse:moodle-el, p-cpe:/a:novell:opensuse:moodle-nl, p-cpe:/a:novell:opensuse:moodle-gl, p-cpe:/a:novell:opensuse:moodle-ca, p-cpe:/a:novell:opensuse:moodle-he, p-cpe:/a:novell:opensuse:moodle-ru, p-cpe:/a:novell:opensuse:moodle-so, p-cpe:/a:novell:opensuse:moodle-tl, p-cpe:/a:novell:opensuse:moodle-uk, p-cpe:/a:novell:opensuse:moodle-eu, p-cpe:/a:novell:opensuse:moodle-bs, p-cpe:/a:novell:opensuse:moodle-sr, p-cpe:/a:novell:opensuse:moodle-de, p-cpe:/a:novell:opensuse:moodle-th, p-cpe:/a:novell:opensuse:moodle-zh_cn, p-cpe:/a:novell:opensuse:moodle-lv, p-cpe:/a:novell:opensuse:moodle-ka
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/15/2008
Exploitable With
CANVAS (D2ExploitPack)
Elliot (Moodle <= 1.8.4 RCE)
Reference Information
CVE: CVE-2008-1502
CWE: 79