CVE-2012-2239

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-2239
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.

9.1 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://mahara.org/interaction/forum/topic.php?id=4869 Vendor Advisory
https://bugs.launchpad.net/mahara/+bug/1047111 Issue Tracking Patch
http://www.debian.org/security/2012/dsa-2591 Mailing List
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
History

15 Feb 2024, 03:19

Type Values Removed Values Added
First Time Debian
Debian debian Linux
CPE cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.4.3:*:*:*:*:*:*:*		 cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
References (CONFIRM) https://bugs.launchpad.net/mahara/+bug/1047111 - (CONFIRM) https://bugs.launchpad.net/mahara/+bug/1047111 - Issue Tracking, Patch
References (DEBIAN) http://www.debian.org/security/2012/dsa-2591 - (DEBIAN) http://www.debian.org/security/2012/dsa-2591 - Mailing List
CVSS v2 : 6.4
v3 : unknown 		v2 : 6.4
v3 : 9.1
CWE CWE-94 CWE-611
Information

Published : 2012-11-24 20:55

Updated : 2024-02-15 03:19

NVD link : CVE-2012-2239

Mitre link : CVE-2012-2239

JSON object : View

Products Affected

debian

  • debian_linux

mahara

  • mahara
CWE
CWE-611

Improper Restriction of XML External Entity Reference