What is the severity of CVE-2011-1406?

CVE-2011-1406 is considered to have a moderate severity level due to the potential for credential theft.

How do I fix CVE-2011-1406?

To fix CVE-2011-1406, upgrade to Mahara version 1.3.6 or later to ensure proper handling of HTTPS URLs in the wwwroot configuration.

What versions of Mahara are affected by CVE-2011-1406?

CVE-2011-1406 affects Mahara versions prior to 1.3.6, including various earlier releases.

What is the impact of CVE-2011-1406?

The impact of CVE-2011-1406 allows attackers to potentially intercept user credentials during login if an HTTP URL is used instead of HTTPS.

How can users mitigate the risks associated with CVE-2011-1406?

Users can mitigate risks by ensuring their Mahara installation is configured to use HTTPS and by updating to the latest versions that resolve this vulnerability.

Vulnerability/
CVE-2011-1406

medium

4.3

CWE

13/5/2011

6/8/2024

CVE-2011-1406

First published: Fri May 13 2011(Updated: )

Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mahara Mahara	=1.1.0-beta4
Mahara Mahara	=1.1.6
Mahara Mahara	=1.2.0
Mahara Mahara	=0.9.1
Mahara Mahara	=1.1.2
Mahara Mahara	=1.2.3
Mahara Mahara	=1.0.4
Mahara Mahara	=1.1.7
Mahara Mahara	=1.2.1
Mahara Mahara	=1.3.2
Mahara Mahara	=0.9.2
Mahara Mahara	=1.0.1
Mahara Mahara	=1.0.8
Mahara Mahara	=1.2.0-rc1
Mahara Mahara	=1.2.0-alpha1
Mahara Mahara	=1.0.12
Mahara Mahara	=1.0.15
Mahara Mahara	=1.0.6
Mahara Mahara	=1.3.0-beta1
Mahara Mahara	=1.0.9
Mahara Mahara	=1.2.0-alpha2
Mahara Mahara	=1.3.0-rc1
Mahara Mahara	=1.1.9
Mahara Mahara	<=1.3.5
Mahara Mahara	=1.0.5
Mahara Mahara	=1.1
Mahara Mahara	=1.2.0-beta4
Mahara Mahara	=1.1.0-alpha3
Mahara Mahara	=1.1.4
Mahara Mahara	=1.2.0-alpha3
Mahara Mahara	=1.2.0-beta2
Mahara Mahara	=1.2.6
Mahara Mahara	=1.3.0
Mahara Mahara	=1.0.2
Mahara Mahara	=1.1.0-beta1
Mahara Mahara	=1.0.3
Mahara Mahara	=1.0.13
Mahara Mahara	=1.3.1
Mahara Mahara	=1.0.10
Mahara Mahara	=1.1.0-rc2
Mahara Mahara	=1.1.1
Mahara Mahara	=1.3.0-beta2
Mahara Mahara	=1.1.8
Mahara Mahara	=1.1.0-beta3
Mahara Mahara	=1.2.4
Mahara Mahara	=1.1.0-alpha1
Mahara Mahara	=1.3.0-beta3
Mahara Mahara	=1.1.0-alpha2
Mahara Mahara	=1.2.2
Mahara Mahara	=1.2.5
Mahara Mahara	=1.1.3
Mahara Mahara	=1.3.4
Mahara Mahara	=1.0.7
Mahara Mahara	=1.0.0
Mahara Mahara	=1.1.0
Mahara Mahara	=1.1.5
Mahara Mahara	=1.2.0-beta1
Mahara Mahara	=1.1.0-beta2
Mahara Mahara	=1.1.0-rc1
Mahara Mahara	=1.2.0-beta3
Mahara Mahara	=1.3.3
Mahara Mahara	=1.0.14
Mahara Mahara	=1.3.0-beta4
Mahara Mahara	=1.0.11
Mahara Mahara	=0.9.0

Remedy

https://launchpad.net/mahara/+bug/685942

Remedy

https://launchpad.net/mahara/+milestone/1.3.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-1406?
CVE-2011-1406 is considered to have a moderate severity level due to the potential for credential theft.
How do I fix CVE-2011-1406?
To fix CVE-2011-1406, upgrade to Mahara version 1.3.6 or later to ensure proper handling of HTTPS URLs in the wwwroot configuration.
What versions of Mahara are affected by CVE-2011-1406?
CVE-2011-1406 affects Mahara versions prior to 1.3.6, including various earlier releases.
What is the impact of CVE-2011-1406?
The impact of CVE-2011-1406 allows attackers to potentially intercept user credentials during login if an HTTP URL is used instead of HTTPS.
How can users mitigate the risks associated with CVE-2011-1406?
Users can mitigate risks by ensuring their Mahara installation is configured to use HTTPS and by updating to the latest versions that resolve this vulnerability.

collector/nvd-historical
collector/nvd-index
agent/references
agent/type
agent/softwarecombine
agent/remedy
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/author
agent/tags
agent/description
agent/first-publish-date
agent/event
agent/source
vendor/mahara
canonical/mahara mahara
version/mahara mahara/1.1.0-beta4
version/mahara mahara/1.1.6
version/mahara mahara/1.2.0
version/mahara mahara/0.9.1
version/mahara mahara/1.1.2
version/mahara mahara/1.2.3
version/mahara mahara/1.0.4
version/mahara mahara/1.1.7
version/mahara mahara/1.2.1
version/mahara mahara/1.3.2
version/mahara mahara/0.9.2
version/mahara mahara/1.0.1
version/mahara mahara/1.0.8
version/mahara mahara/1.2.0-rc1
version/mahara mahara/1.2.0-alpha1
version/mahara mahara/1.0.12
version/mahara mahara/1.0.15
version/mahara mahara/1.0.6
version/mahara mahara/1.3.0-beta1
version/mahara mahara/1.0.9
version/mahara mahara/1.2.0-alpha2
version/mahara mahara/1.3.0-rc1
version/mahara mahara/1.1.9
version/mahara mahara/1.3.5
version/mahara mahara/1.0.5
version/mahara mahara/1.1
version/mahara mahara/1.2.0-beta4
version/mahara mahara/1.1.0-alpha3
version/mahara mahara/1.1.4
version/mahara mahara/1.2.0-alpha3
version/mahara mahara/1.2.0-beta2
version/mahara mahara/1.2.6
version/mahara mahara/1.3.0
version/mahara mahara/1.0.2
version/mahara mahara/1.1.0-beta1
version/mahara mahara/1.0.3
version/mahara mahara/1.0.13
version/mahara mahara/1.3.1
version/mahara mahara/1.0.10
version/mahara mahara/1.1.0-rc2
version/mahara mahara/1.1.1
version/mahara mahara/1.3.0-beta2
version/mahara mahara/1.1.8
version/mahara mahara/1.1.0-beta3
version/mahara mahara/1.2.4
version/mahara mahara/1.1.0-alpha1
version/mahara mahara/1.3.0-beta3
version/mahara mahara/1.1.0-alpha2
version/mahara mahara/1.2.2
version/mahara mahara/1.2.5
version/mahara mahara/1.1.3
version/mahara mahara/1.3.4
version/mahara mahara/1.0.7
version/mahara mahara/1.0.0
version/mahara mahara/1.1.0
version/mahara mahara/1.1.5
version/mahara mahara/1.2.0-beta1
version/mahara mahara/1.1.0-beta2
version/mahara mahara/1.1.0-rc1
version/mahara mahara/1.2.0-beta3
version/mahara mahara/1.3.3
version/mahara mahara/1.0.14
version/mahara mahara/1.3.0-beta4
version/mahara mahara/1.0.11
version/mahara mahara/0.9.0

CVE-2011-1406

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-1406?

How do I fix CVE-2011-1406?

What versions of Mahara are affected by CVE-2011-1406?

What is the impact of CVE-2011-1406?

How can users mitigate the risks associated with CVE-2011-1406?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2011-1406?

How do I fix CVE-2011-1406?

What versions of Mahara are affected by CVE-2011-1406?

What is the impact of CVE-2011-1406?

How can users mitigate the risks associated with CVE-2011-1406?