CVE-2011-4586
Published: 20 July 2012
CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Priority
Status
Package | Release | Status |
---|---|---|
moodle Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
quantal |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
raring |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
saucy |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
upstream |
Needs triage
|
|
Patches: other: https://moodle.org/mod/forum/discuss.php?d=191754 |