CVE-2017-17455
First published: Tue Feb 20 2018(Updated: )
Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mahara | >=16.10.0<16.10.7 | |
| Mahara | >=17.04.0<17.04.5 | |
| Mahara | >=17.10.0<17.10.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Mahara vulnerability?
The vulnerability ID for this Mahara vulnerability is CVE-2017-17455.
What is the severity rating of CVE-2017-17455?
The severity rating of CVE-2017-17455 is medium.
What is affected by CVE-2017-17455?
Mahara versions 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are affected by CVE-2017-17455.
How can a man-in-the-middle attack exploit CVE-2017-17455?
A man-in-the-middle attack can exploit CVE-2017-17455 by forcing Mahara to interact on the HTTP protocol instead of HTTPS.
Are there any references available for CVE-2017-17455?
Yes, you can find references for CVE-2017-17455 at the following links: [https://bugs.launchpad.net/mahara/+bug/1734767](https://bugs.launchpad.net/mahara/+bug/1734767), [https://mahara.org/interaction/forum/topic.php?id=8150](https://mahara.org/interaction/forum/topic.php?id=8150), [https://reviews.mahara.org/#/c/8312/](https://reviews.mahara.org/#/c/8312/).
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/tags
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mahara
- canonical/mahara
- version/mahara/16.10.0
- version/mahara/17.04.0
- version/mahara/17.10.0