漏洞信息详情

Moodle Snoopy 跨站脚本漏洞

  • CNNVD编号:CNNVD-200902-249
  • 危害等级: 中危
  • CVE编号: CVE-2009-0502
  • 漏洞类型: 跨站脚本
  • 发布时间: 2009-02-10
  • 威胁类型: 远程
  • 更新时间: 2022-07-01
  • 厂        商: snoopy
  • 漏洞来源: The Rat

漏洞简介

Moodle是一套免费、开源的电子学习软件平台,也称课程管理系统、学习管理系统或虚拟学习环境。Snoopy是一款模拟Web浏览器的PHP类,它提供网页内容检索和表单发布等功能。

Snoopy 1.2.3版本中的blocks/html/block_html.php存在跨站脚本漏洞。当在Moodle 1.6.9之前的1.6,1.7.7之前的1.7,1.8.8之前的1.8以及1.9.4之前的1.9版本中使用时,远程攻击者可以借助一个HTML block,注入任意的web脚本或HTML。当\"以...身份登录\"特性用于访问一个MyMoodle或日志页时,该HTML block未得到合适的处理。

漏洞公告

厂商发布了相关更新以解决该漏洞。

Debian Linux 4.0 arm

Debian moodle_1.6.3-2+etch2_all.deb

http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb

Ubuntu Ubuntu Linux 8.04 LTS powerpc

Ubuntu moodle_1.8.2-1ubuntu4.2_all.deb

http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb

Ubuntu Ubuntu Linux 8.10 powerpc

Ubuntu moodle_1.8.2-1.2ubuntu2.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb

Debian Linux 4.0 powerpc

Debian moodle_1.6.3-2+etch2_all.deb

http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb

Ubuntu Ubuntu Linux 8.10 i386

Ubuntu moodle_1.8.2-1.2ubuntu2.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb

Ubuntu Ubuntu Linux 8.04 LTS sparc

Ubuntu moodle_1.8.2-1ubuntu4.2_all.deb

http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb

Debian Linux 4.0 m68k

Debian moodle_1.6.3-2+etch2_all.deb

http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb

Moodle moodle 1.6.1 +

Moodle moodle-1.6.9.tgz

http://download.moodle.org/download.php/stable16/moodle-1.6.9.tgz

Ubuntu Ubuntu Linux 8.04 LTS amd64

Ubuntu moodle_1.8.2-1ubuntu4.2_all.deb

http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb

Ubuntu Ubuntu Linux 8.04 LTS lpia

Ubuntu moodle_1.8.2-1ubuntu4.2_all.deb

http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb

Moodle moodle 1.9

Moodle moodle-1.9.4.tgz

http://download.moodle.org/download.php/stable19/moodle-1.9.4.tgz

Ubuntu Ubuntu Linux 8.10 lpia

Ubuntu moodle_1.8.2-1.2ubuntu2.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb

Debian Linux 4.0 amd64

Debian moodle_1.6.3-2+etch2_all.deb

http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb

Debian Linux 4.0 ia-32

Debian moodle_1.6.3-2+etch2_all.deb

http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb

Debian Linux 4.0 hppa

Debian moodle_1.6.3-2+etch2_all.deb

http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb

Debian Linux 4.0 sparc

Debian moodle_1.6.3-2+etch2_all.deb

http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb

Debian Linux 4.0 s/390

Debian moodle_1.6.3-2+etch2_all.deb

http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb

Ubuntu Ubuntu Linux 8.10 sparc

Ubuntu moodle_1.8.2-1.2ubuntu2.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb

Debian Linux 4.0 alpha

Debian moodle_1.6.3-2+etch2_all.deb

http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb

Debian Linux 4.0

Debian moodle_1.6.3-2+etch2_all.deb

http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb

Ubuntu Ubuntu Linux 8.04 LTS i386

Ubuntu moodle_1.8.2-1ubuntu4.2_all.deb

http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb

Debian Linux 4.0 mipsel

Debian moodle_1.6.3-2+etch2_all.deb

参考网址

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

来源:DEBIAN

链接:https://www.debian.org/security/2009/dsa-1724

来源:SECUNIA

链接:http://secunia.com/advisories/33955

来源:SECUNIA

链接:http://secunia.com/advisories/34418

来源:MLIST

链接:http://www.openwall.com/lists/oss-security/2009/02/04/1

来源:CONFIRM

链接:http://moodle.org/security/

受影响实体

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多