Name: CVE-2009-0499
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0499
Assigned: 20090209
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL: http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM: http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15
Reference: CONFIRM: http://moodle.org/security/

Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php.

Additional information from upstream (http://moodle.org/security/)

MSA-09-0008: CSRF vulnerability in forum code
Versions affected: < 1.9.4, < 1.8.8, < 1.7.7
http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15
http://cvs.moodle.org/moodle/mod/forum/prune.html?r1=1.8&r2=1.8.4.1
http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.15&r2=1.154.2.16
Created moodle tracking bugs for this issue

CVE-2009-0499 Affects: F10 [bug #484917]
CVE-2009-0499 Affects: F9 [bug #484918]
CVE-2009-0499 Affects: Fdevel [bug #484919]
CVE-2009-0499 Affects: epel-4 [bug #484920]
CVE-2009-0499 Affects: epel-5 [bug #484921]
This issue was addressed in:

Fedora:
https://admin.fedoraproject.org/updates/F10/FEDORA-2009-1699
https://admin.fedoraproject.org/updates/F9/FEDORA-2009-1641