Description

theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.

Remediation

References

CVE-2012-4403

Related Vulnerabilities

Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2021-32565)

WordPress Plugin iQ Block Country Unspecified Vulnerability (1.1.33)

WordPress Plugin Indexisto WordPress Site Search Cross-Site Scripting (1.0.5)

WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2018-6389)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4408)

Severity

Medium

Classification

CVE-2012-4403 CWE-200

Tags

Missing Update Known Vulnerabilities