This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 484916 - (CVE-2009-0499) CVE-2009-0499 moodle: CSRF vuln in forum code
CVE-2009-0499 moodle: CSRF vuln in forum code
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 484917 484918 484919 484920 484921
  Show dependency treegraph
Reported: 2009-02-10 13:05 EST by Vincent Danen
Modified: 2016-03-04 06:50 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-02-19 03:02:29 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:

Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2009-02-10 13:05:57 EST
Name: CVE-2009-0499
Assigned: 20090209
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:
Reference: CONFIRM:
Reference: CONFIRM:

Cross-site request forgery (CSRF) vulnerability in the forum code in
Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows
remote attackers to delete unauthorized forum posts via a link or IMG
tag to post.php.

Additional information from upstream (

MSA-09-0008: CSRF vulnerability in forum code
Versions affected:       < 1.9.4, < 1.8.8, < 1.7.7
Comment 1 Vincent Danen 2009-02-10 13:06:38 EST
Created moodle tracking bugs for this issue

CVE-2009-0499 Affects: F10 [bug #484917]
CVE-2009-0499 Affects: F9 [bug #484918]
CVE-2009-0499 Affects: Fdevel [bug #484919]
CVE-2009-0499 Affects: epel-4 [bug #484920]
CVE-2009-0499 Affects: epel-5 [bug #484921]
Comment 2 Red Hat Product Security 2009-02-19 03:02:29 EST
This issue was addressed in:


Note You need to log in before you can comment on or make changes to this bug.