Candidate: CVE-2012-3394
PublicDate: 2012-07-23 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3394
 http://git.moodle.org/gw?p=moodle.git;a=commit;h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7
 http://openwall.com/lists/oss-security/2012/07/17/1
Description:
 auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before
 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an
 https LDAP login URL to an http URL, which allows remote attackers to
 obtain sensitive information by sniffing the network.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682203
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_moodle:
upstream_moodle: released (2.2.3.dfsg-2.1)
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: not-affected
natty_moodle: not-affected
oneiric_moodle: not-affected
precise_moodle: not-affected
devel_moodle: not-affected (2.2.3.dfsg-2.1)