Candidate: CVE-2011-1406
PublicDate: 2011-05-13 22:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1406
Description: 
 Mahara before 1.3.6 does not properly handle an https URL in the wwwroot
 configuration setting, which makes it easier for user-assisted remote
 attackers to obtain credentials by sniffing the network at a time when an
 http URL is used for a login. 
Ubuntu-Description: 
Notes: 
Bugs: 
 https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/780917
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_mahara:
upstream_mahara: released (1.3.6)
dapper_mahara: DNE
hardy_mahara: DNE
lucid_mahara: released (1.2.4-1ubuntu0.3)
maverick_mahara: released (1.2.5-2ubuntu0.2)
natty_mahara: released (1.2.7-1ubuntu0.1)
devel_mahara: not-affected (1.3.6-1)