Bug 484916 - (CVE-2009-0499) CVE-2009-0499 moodle: CSRF vuln in forum code
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All, OS: Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard: impact=moderate,source=cve,reported=2...
Keywords: Security
Depends On: 484917 484918 484919 484920 484921
Reported: 2009-02-10 13:05 EST by Vincent Danen
Modified: 2016-03-04 06:50 EST
Doc Type: Bug Fix
Last Closed: 2009-02-19 03:02:29 EST


Description Vincent Danen 2009-02-10 13:05:57 EST
Name: CVE-2009-0499
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0499
Assigned: 20090209
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL: http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM: http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15
Reference: CONFIRM: http://moodle.org/security/

Cross-site request forgery (CSRF) vulnerability in the forum code in
Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows
remote attackers to delete unauthorized forum posts via a link or IMG
tag to post.php.


Additional information from upstream (http://moodle.org/security/)

MSA-09-0008: CSRF vulnerability in forum code
Versions affected: < 1.9.4, < 1.8.8, < 1.7.7
http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15
http://cvs.moodle.org/moodle/mod/forum/prune.html?r1=1.8&r2=1.8.4.1
http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.15&r2=1.154.2.16
Comment 1 Vincent Danen 2009-02-10 13:06:38 EST
Created moodle tracking bugs for this issue

CVE-2009-0499 Affects: F10 [bug #484917]
CVE-2009-0499 Affects: F9 [bug #484918]
CVE-2009-0499 Affects: Fdevel [bug #484919]
CVE-2009-0499 Affects: epel-4 [bug #484920]
CVE-2009-0499 Affects: epel-5 [bug #484921]
Comment 2 Red Hat Product Security 2009-02-19 03:02:29 EST
This issue was addressed in:

Fedora:
  https://admin.fedoraproject.org/updates/F10/FEDORA-2009-1699
  https://admin.fedoraproject.org/updates/F9/FEDORA-2009-1641
