CVE-2015-3175
First published: Mon Jun 01 2015(Updated: )
Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/moodle/moodle | >=2.8.0<2.8.6 | 2.8.6 |
| composer/moodle/moodle | >=2.7.0<2.7.8 | 2.7.8 |
| composer/moodle/moodle | >=2.6.0<2.6.11 | 2.6.11 |
| composer/moodle/moodle | <=2.5.9 | |
| Moodle | <=2.5.9 | |
| Moodle | =2.5.0 | |
| Moodle | =2.5.1 | |
| Moodle | =2.5.2 | |
| Moodle | =2.5.3 | |
| Moodle | =2.5.4 | |
| Moodle | =2.5.5 | |
| Moodle | =2.5.6 | |
| Moodle | =2.5.7 | |
| Moodle | =2.5.8 | |
| Moodle | =2.6.0 | |
| Moodle | =2.6.1 | |
| Moodle | =2.6.2 | |
| Moodle | =2.6.3 | |
| Moodle | =2.6.4 | |
| Moodle | =2.6.5 | |
| Moodle | =2.6.6 | |
| Moodle | =2.6.7 | |
| Moodle | =2.6.8 | |
| Moodle | =2.6.9 | |
| Moodle | =2.6.10 | |
| Moodle | =2.7.0 | |
| Moodle | =2.7.1 | |
| Moodle | =2.7.2 | |
| Moodle | =2.7.3 | |
| Moodle | =2.7.4 | |
| Moodle | =2.7.5 | |
| Moodle | =2.7.6 | |
| Moodle | =2.7.7 | |
| Moodle | =2.8.0 | |
| Moodle | =2.8.1 | |
| Moodle | =2.8.2 | |
| Moodle | =2.8.3 | |
| Moodle | =2.8.4 | |
| Moodle | =2.8.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179
- http://openwall.com/lists/oss-security/2015/05/18/1
- http://www.securityfocus.com/bid/74720
- http://www.securitytracker.com/id/1032358
- https://moodle.org/mod/forum/discuss.php?d=313682
- https://nvd.nist.gov/vuln/detail/CVE-2015-3175
- https://github.com/moodle/moodle/commit/b2687a055dc990ca86ddce178d5aee3fb1df644a
- https://github.com/moodle/moodle/commit/dd0607b7bbaff38cc62e4d00658c02da3fdbb4c8
- https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358
- https://web.archive.org/web/20210122155902/http://www.securityfocus.com/bid/74720
- https://github.com/advisories/GHSA-h798-h7ff-93xv (Advisory)
- https://github.com/moodle/moodle/commit/db200a8e9f88c8c4a2141ac264062dca74ee2f29
Frequently Asked Questions
What is the severity of CVE-2015-3175?
CVE-2015-3175 is considered a medium severity vulnerability due to its potential for exploitation in phishing attacks.
How do I fix CVE-2015-3175?
To fix CVE-2015-3175, upgrade Moodle to versions 2.6.11, 2.7.8, or 2.8.6 or later.
What kind of attack can be performed using CVE-2015-3175?
CVE-2015-3175 allows attackers to perform open redirect attacks, leading users to arbitrary websites.
Which versions of Moodle are affected by CVE-2015-3175?
CVE-2015-3175 affects Moodle versions up to 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6.
Is there a workaround for CVE-2015-3175 while waiting for an update?
There is no specific workaround for CVE-2015-3175; the recommended action is to upgrade to a fixed version.
- agent/author
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-h798-h7ff-93xv
- alias/CVE-2015-3175
- agent/software-canonical-lookup
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/softwarecombine
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/composer
- vendor/moodle
- canonical/moodle
- version/moodle/2.5.9
- version/moodle/2.5.0
- version/moodle/2.5.1
- version/moodle/2.5.2
- version/moodle/2.5.3
- version/moodle/2.5.4
- version/moodle/2.5.5
- version/moodle/2.5.6
- version/moodle/2.5.7
- version/moodle/2.5.8
- version/moodle/2.6.0
- version/moodle/2.6.1
- version/moodle/2.6.2
- version/moodle/2.6.3
- version/moodle/2.6.4
- version/moodle/2.6.5
- version/moodle/2.6.6
- version/moodle/2.6.7
- version/moodle/2.6.8
- version/moodle/2.6.9
- version/moodle/2.6.10
- version/moodle/2.7.0
- version/moodle/2.7.1
- version/moodle/2.7.2
- version/moodle/2.7.3
- version/moodle/2.7.4
- version/moodle/2.7.5
- version/moodle/2.7.6
- version/moodle/2.7.7
- version/moodle/2.8.0
- version/moodle/2.8.1
- version/moodle/2.8.2
- version/moodle/2.8.3
- version/moodle/2.8.4
- version/moodle/2.8.5